
Log analysis and evaluation: imp.js tracker.tradedoubler despite antivirus program and Malwarebytes

06.03.2013, 16:18   #16
ryder
/// TB Trainer
 



We simply have to close in on the problem
__________________
Digital buccaneers against malware!
No help via PM!

07.03.2013, 10:32   #17
Frankee111
 



Dear Ryder, closing in on it is good! And then summarily shoot the swine on the spot!!!

Attached are the results of the Junkware Removal Tool and the OTL scan!

P.S.:

1. I have now installed Firefox, but so far the problem has "not yet" made itself heard there (which doesn't mean anything for now, since it doesn't always show up immediately in Explorer either).

2. Normally I protect my computer with the free software from AVIRA (which has always served me well so far). Of course (after the problem appeared) I have run the Avira antivirus scan over it several times by now, so far basically ALWAYS with the result that nothing threatening was found on my computer (0 detections).

This morning, however, shortly after (or even during) the installation of Firefox, Avira suddenly popped up and told me that it had now apparently discovered a Trojan on my computer after all and had moved it straight into quarantine. Although the problem has existed for >14 days now, Avira had never reported this before. Now it has, though.

That's all from my side for the moment and, as always: a big thank-you in advance for all the effort.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Samsung on 07.03.2013 at 9:03:09,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] sprotection
Successfully deleted: [Service] sprotection



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\browser infrastructure helper
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminent
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminentmessenger
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\iminent"
Failed to delete: [Folder] "C:\Users\Samsung\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Samsung\appdata\locallow\smartbar"
Failed to delete: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\umbrella"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.03.2013 at 9:18:22,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL Logfile:
Code:
OTL logfile created on: 3/7/2013 9:55:09 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samsung\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.02% Memory free
7.96 Gb Paging File | 6.37 Gb Available in Paging File | 80.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178.00 Gb Total Space | 96.79 Gb Free Space | 54.38% Space Free | Partition Type: NTFS
Drive D: | 265.39 Gb Total Space | 265.29 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/07 09:55:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung\Downloads\OTL (1).exe
PRC - [2013/03/04 16:23:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/04 16:22:53 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013/03/04 16:22:48 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/04 16:22:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/10 16:00:14 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Samsung\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/01/04 14:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/12/23 07:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/11/29 06:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/17 09:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/07 08:49:11 | 000,911,432 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/03/07 08:49:10 | 008,013,664 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/03/07 08:49:10 | 000,139,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/03/07 08:49:10 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
MOD - [2013/02/14 10:42:36 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 10:42:32 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/14 10:42:00 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/10 16:00:12 | 000,023,040 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/02/10 16:00:10 | 001,575,424 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/02/10 16:00:10 | 000,037,888 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/02/10 16:00:08 | 000,007,680 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/02/10 15:57:20 | 000,650,240 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/02/10 15:57:16 | 000,040,960 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/02/10 15:57:12 | 000,044,032 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/02/10 15:57:12 | 000,018,944 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013/02/10 15:57:10 | 000,051,200 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/02/10 15:57:08 | 000,073,728 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/02/10 15:57:06 | 000,062,976 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/02/10 15:57:06 | 000,018,944 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/02/10 15:57:06 | 000,013,312 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/02/10 15:57:06 | 000,006,144 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/02/10 15:57:04 | 000,012,800 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/02/10 15:57:02 | 000,074,752 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/02/10 15:57:02 | 000,012,288 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/02/10 15:57:02 | 000,009,728 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/02/10 15:57:02 | 000,007,168 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/02/10 15:57:02 | 000,007,168 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/01/11 14:05:29 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/10 13:34:50 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 13:34:49 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/10 13:34:48 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 13:33:40 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 13:32:58 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 13:32:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 13:32:48 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 13:32:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/21 04:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/21 04:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/25 13:44:50 | 001,973,760 | ---- | M] () -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/02/27 20:48:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/03/04 16:23:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/04 16:22:53 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/03/04 16:22:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/27 15:13:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/05 04:45:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/04 16:23:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/04 16:23:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/04 16:23:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/25 03:42:16 | 000,258,896 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/27 22:07:40 | 009,079,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/27 20:11:30 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/27 06:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/16 21:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/23 08:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/12 15:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/12 15:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/07 03:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes,DefaultScope = {5FA16B80-F9C6-407C-9FCD-673E15BE08B3}
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes\{5FA16B80-F9C6-407C-9FCD-673E15BE08B3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=74e9a338-0b46-4000-b0ee-002749ea17c7&apn_sauid=B6328AEC-C8DE-40C7-988E-5AA3CB4A9344
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 08:50:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/03/07 08:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/05 04:45:48 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 04:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/22 16:02:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/12/13 09:01:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2012/08/04 14:56:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2012/08/04 14:57:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2011/07/17 06:27:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/07/17 06:25:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2013/03/04 16:28:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011/07/17 06:42:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/11/14 09:00:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013/03/02 16:45:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/08/08 13:52:24 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013/03/07 08:50:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/08/04 13:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2011/07/17 07:04:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SAMSUNG [2011/07/17 08:05:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 22:27:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/07/17 07:04:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2013/03/03 13:35:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\VirtualizedApplications [2012/08/09 08:04:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2011/07/17 07:13:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WinClon [2012/08/01 00:48:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log ()
O4 - Startup: C:\Users\All Users\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log ()
O4 - Startup: C:\Users\All Users\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log ()
O4 - Startup: C:\Users\All Users\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log ()
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/08/04 14:58:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ()
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/03/07 08:51:11 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/07/14 05:54:24 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/07/17 21:23:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Anwendungsdaten [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\AppData [2012/07/31 14:58:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Samsung\Contacts [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Cookies [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Desktop [2013/03/07 09:18:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Documents [2013/03/06 18:26:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Downloads [2013/03/07 09:55:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Druckumgebung [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Eigene Dateien [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Favorites [2013/02/26 15:04:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Links [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Lokale Einstellungen [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Music [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Netzwerkumgebung [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\NTUSER.DAT ()
O4 - Startup: C:\Users\Samsung\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Samsung\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Samsung\ntuser.ini ()
O4 - Startup: C:\Users\Samsung\Pictures [2013/02/01 13:22:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Recent [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Saved Games [2013/01/18 19:32:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Searches [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\SendTo [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Startmenü [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Videos [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Vorlagen [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{455CEDC0-0519-4ECA-94BD-4AD1E6A9536B}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/07 09:54:47 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\%LOCALAPPDATA%
[2013/03/07 09:03:07 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/03/07 09:02:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/07 09:02:53 | 000,000,000 | ---D | C] -- \JRT
[2013/03/07 08:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/07 08:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/07 08:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 08:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013/03/07 08:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/03/04 16:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/04 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/03/04 16:28:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/03/04 16:28:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/03/04 16:28:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/03/04 16:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/02 16:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/22 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/22 16:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/07 09:15:02 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 09:12:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 09:07:09 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/07 09:07:09 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/03/07 09:07:09 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/07 09:07:09 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/03/07 09:07:09 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/07 08:48:04 | 000,000,635 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/03/07 08:48:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 08:48:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 08:39:47 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 08:39:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/07 08:39:31 | 4273,917,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 16:23:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/03/04 16:23:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/03/04 16:23:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/02/22 16:03:00 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/14 10:33:42 | 000,277,648 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/03/07 08:50:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/07 08:47:52 | 000,000,635 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/02/22 16:03:00 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/08 13:51:53 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/17 22:14:41 | 4273,917,952 | -HS- | C] () -- \hiberfil.sys
[2011/07/17 21:08:55 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/07/17 21:07:31 | 000,003,143 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/07/17 08:05:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/07/17 07:54:47 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/17 07:18:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/17 06:30:26 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/22 16:02:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/07/17 08:05:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\SAMSUNG
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013/03/03 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012/08/09 08:04:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\VirtualizedApplications
[2011/07/17 07:13:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2012/08/01 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\WinClon
[2012/08/04 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013/03/07 08:51:11 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/07/14 05:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011/07/17 21:23:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Anwendungsdaten
[2012/07/31 14:58:38 | 000,000,000 | -H-D | M] -- C:\Users\Samsung\AppData
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Contacts
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Cookies
[2013/03/07 09:18:22 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Desktop
[2013/03/06 18:26:59 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Documents
[2013/03/07 09:55:00 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Downloads
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Druckumgebung
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Eigene Dateien
[2013/02/26 15:04:20 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Favorites
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Links
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Lokale Einstellungen
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Music
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Netzwerkumgebung
[2013/02/01 13:22:35 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Pictures
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Recent
[2013/01/18 19:32:09 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Saved Games
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Searches
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\SendTo
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Startmenü
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Videos
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Vorlagen
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 3/7/2013 9:55:09 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samsung\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 64.02% Memory free
7.96 Gb Paging File | 6.37 Gb Available in Paging File | 80.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178.00 Gb Total Space | 96.79 Gb Free Space | 54.38% Space Free | Partition Type: NTFS
Drive D: | 265.39 Gb Total Space | 265.29 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/07 09:55:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung\Downloads\OTL (1).exe
PRC - [2013/03/04 16:23:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/04 16:22:53 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013/03/04 16:22:48 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/04 16:22:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/10 16:00:14 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Samsung\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/01/04 14:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/12/23 07:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/11/29 06:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/17 09:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/07 08:49:11 | 000,911,432 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/03/07 08:49:10 | 008,013,664 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/03/07 08:49:10 | 000,139,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/03/07 08:49:10 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
MOD - [2013/02/14 10:42:36 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 10:42:32 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/14 10:42:00 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/10 16:00:12 | 000,023,040 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/02/10 16:00:10 | 001,575,424 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/02/10 16:00:10 | 000,037,888 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/02/10 16:00:08 | 000,007,680 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/02/10 15:57:20 | 000,650,240 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/02/10 15:57:16 | 000,040,960 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/02/10 15:57:12 | 000,044,032 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/02/10 15:57:12 | 000,018,944 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013/02/10 15:57:10 | 000,051,200 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/02/10 15:57:08 | 000,073,728 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/02/10 15:57:06 | 000,062,976 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/02/10 15:57:06 | 000,018,944 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/02/10 15:57:06 | 000,013,312 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/02/10 15:57:06 | 000,006,144 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/02/10 15:57:04 | 000,012,800 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/02/10 15:57:02 | 000,074,752 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/02/10 15:57:02 | 000,012,288 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/02/10 15:57:02 | 000,009,728 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/02/10 15:57:02 | 000,007,168 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/02/10 15:57:02 | 000,007,168 | ---- | M] () -- C:\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/01/11 14:05:29 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/10 13:34:50 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 13:34:49 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/10 13:34:48 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 13:33:40 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 13:32:58 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 13:32:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 13:32:48 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 13:32:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/21 04:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/21 04:24:01 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/25 13:44:50 | 001,973,760 | ---- | M] () -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/02/27 20:48:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/03/04 16:23:20 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/04 16:22:53 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/03/04 16:22:48 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/27 15:13:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/05 04:45:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/04 16:23:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/04 16:23:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/04 16:23:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/25 03:42:16 | 000,258,896 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/27 22:07:40 | 009,079,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/27 20:11:30 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/27 06:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/16 21:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/23 08:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/18 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/12 15:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/12 15:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/07 03:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes,DefaultScope = {5FA16B80-F9C6-407C-9FCD-673E15BE08B3}
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes\{5FA16B80-F9C6-407C-9FCD-673E15BE08B3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=74e9a338-0b46-4000-b0ee-002749ea17c7&apn_sauid=B6328AEC-C8DE-40C7-988E-5AA3CB4A9344
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 08:50:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/03/07 08:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/05 04:45:48 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 04:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/22 16:02:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012/12/13 09:01:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2012/08/04 14:56:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2012/08/04 14:57:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Atheros [2011/07/17 06:27:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2011/07/17 06:25:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2013/03/04 16:28:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011/07/17 06:42:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Google [2012/11/14 09:00:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013/03/02 16:45:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2012/08/08 13:52:24 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013/03/07 08:50:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2012/08/04 13:04:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2011/07/17 07:04:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SAMSUNG [2011/07/17 08:05:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012/09/13 22:27:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Symantec [2011/07/17 07:04:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2013/03/03 13:35:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\VirtualizedApplications [2012/08/09 08:04:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WildTangent [2011/07/17 07:13:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WinClon [2012/08/01 00:48:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log ()
O4 - Startup: C:\Users\All Users\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log ()
O4 - Startup: C:\Users\All Users\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log ()
O4 - Startup: C:\Users\All Users\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log ()
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/08/04 14:58:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ()
O4 - Startup: C:\Users\Default\AppData [2009/07/14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009/07/14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009/07/14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009/07/14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2013/03/07 08:51:11 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/07/14 06:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009/07/14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009/07/14 05:54:24 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011/07/17 21:23:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/07/14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Anwendungsdaten [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\AppData [2012/07/31 14:58:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Samsung\Contacts [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Cookies [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Desktop [2013/03/07 09:18:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Documents [2013/03/06 18:26:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Downloads [2013/03/07 09:55:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Druckumgebung [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Eigene Dateien [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Favorites [2013/02/26 15:04:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Links [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Lokale Einstellungen [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Music [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Netzwerkumgebung [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\NTUSER.DAT ()
O4 - Startup: C:\Users\Samsung\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Samsung\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Samsung\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Samsung\ntuser.ini ()
O4 - Startup: C:\Users\Samsung\Pictures [2013/02/01 13:22:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Recent [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Saved Games [2013/01/18 19:32:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Searches [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\SendTo [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Startmenü [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Samsung\Videos [2012/08/06 09:10:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Samsung\Vorlagen [2012/07/31 14:58:38 | 000,000,000 | -HSD | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{455CEDC0-0519-4ECA-94BD-4AD1E6A9536B}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/07 09:54:47 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\%LOCALAPPDATA%
[2013/03/07 09:03:07 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/03/07 09:02:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/07 09:02:53 | 000,000,000 | ---D | C] -- \JRT
[2013/03/07 08:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/07 08:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/07 08:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/07 08:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013/03/07 08:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/03/04 16:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/04 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/03/04 16:28:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/03/04 16:28:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/03/04 16:28:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/03/04 16:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/02 16:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/22 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/22 16:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/02/22 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/07 09:15:02 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 09:12:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 09:07:09 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/07 09:07:09 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/03/07 09:07:09 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/07 09:07:09 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/03/07 09:07:09 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/07 08:48:04 | 000,000,635 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/03/07 08:48:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 08:48:03 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 08:39:47 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 08:39:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/07 08:39:31 | 4273,917,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 16:23:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/03/04 16:23:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/03/04 16:23:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/02/22 16:03:00 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/14 10:33:42 | 000,277,648 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/03/07 08:50:35 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/07 08:47:52 | 000,000,635 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/02/22 16:03:00 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/08 13:51:53 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/17 22:14:41 | 4273,917,952 | -HS- | C] () -- \hiberfil.sys
[2011/07/17 21:08:55 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/07/17 21:07:31 | 000,003,143 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/07/17 08:05:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/07/17 07:54:47 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/17 07:18:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/17 06:30:26 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/22 16:02:57 | 000,000,000 | ---D | M] -- C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/07/17 08:05:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\SAMSUNG
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013/03/03 13:35:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012/08/09 08:04:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\VirtualizedApplications
[2011/07/17 07:13:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
[2012/08/01 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\WinClon
[2012/08/04 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/07/14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013/03/07 08:51:11 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 06:08:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/07/14 05:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011/07/17 21:23:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/07/14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Anwendungsdaten
[2012/07/31 14:58:38 | 000,000,000 | -H-D | M] -- C:\Users\Samsung\AppData
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Contacts
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Cookies
[2013/03/07 09:18:22 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Desktop
[2013/03/06 18:26:59 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Documents
[2013/03/07 09:55:00 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Downloads
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Druckumgebung
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Eigene Dateien
[2013/02/26 15:04:20 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Favorites
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Links
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Lokale Einstellungen
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Music
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Netzwerkumgebung
[2013/02/01 13:22:35 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Pictures
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Recent
[2013/01/18 19:32:09 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Saved Games
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Searches
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\SendTo
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Startmenü
[2012/08/06 09:10:12 | 000,000,000 | R--D | M] -- C:\Users\Samsung\Videos
[2012/07/31 14:58:38 | 000,000,000 | -HSD | M] -- C:\Users\Samsung\Vorlagen
 
========== Purity Check ==========
 
 

< End of report >
         


07.03.2013, 12:43   #18
ryder
/// TB trainer

Hm, well, I don't think much of Avira at all ... let's just try this now:


Step 1: (Reminder: reply to me only once you have worked through all the steps!)
Uninstall Avira completely, lock, stock and barrel.


Step 2:
Fix with OTL
Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you obscured your user name, you must put your real name back in, otherwise the script will not work.
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes,DefaultScope = {5FA16B80-F9C6-407C-9FCD-673E15BE08B3}
IE - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\SearchScopes\{5FA16B80-F9C6-407C-9FCD-673E15BE08B3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1233034886-2771921467-1450124296-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com
O4 - HKLM..\Run: []  File not found

:commands
[Emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy the contents here into your thread, in code tags if possible.

Note: Running the command can take a few minutes, and OTL appears not to respond during this time. Please be patient!

Step 3:
Install Avast.

Download the scanner and install it following these instructions.

Step 4:
Control scan with OTL
  • Please start OTL.exe - if you do not have it yet: LINK
  • Make sure that "Scan All Users" is ticked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.

09.03.2013, 09:59   #19
ryder
/// TB trainer

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.

10.03.2013, 12:08   #20
Frankee111

Hi, and first of all a happy Sunday from Hamburg!

Sorry that I am only getting back to you now, but over the last two days I hardly had time for anything! Accordingly, I was not online much either (so at the moment it is really hard for me to say with certainty whether the problem still exists or not)!

The fact is, however, that - since Avira, late but evidently nonetheless, detected a Trojan the other day and moved it to quarantine - the tracker.tradedoubler message has not appeared again. Not even on the relevant sites where it otherwise always showed up prominently!

Now you write that this does not necessarily mean that the problem is thereby fixed!

I have not yet completed the last of the steps you recommended (simply for lack of time)! I have to admit that! Do you recommend that I do so anyway?

If so, I must ask you to give me 2-3 days for it, because from today until Wednesday I will hardly find time for it!

So should I still do it, and if so, would it be OK if it takes a little while!

I do not want to keep giving the impression right away that I have suddenly stopped replying!

10.03.2013, 12:25   #21
ryder
/// TB trainer

That's fine. Wednesday, then.

10.03.2013, 12:44   #22
Frankee111

Yes, thanks, then I am relieved that my reply came just in time!

So I will try to complete the remaining steps by Wednesday and report back with the results by Thursday morning at the latest. Who knows, maybe I will manage it even sooner!

The main thing is that we have now clarified that I do not always find time to reply right away!

Thanks again anyway for your understanding & have a nice rest of your Sunday!

11.03.2013, 19:13   #23
Frankee111

Hello Ryder,

just to say up front: today I asked my flatmate to take care of working through the list you sent me in my place!

There were several good reasons for this:

1. She was also the one who, over the last few days, took care of the troubleshooting steps you recommended from time to time (whenever I had no time).

2. Unlike me, she has the time/leisure for it and

3. admittedly also knows more about computers than I do!

Problem (and I was able to observe this personally this afternoon):

After Avira had first been removed from the computer completely (uninstalled) and then all steps up to and including point 3 (installing Avast following the instructions) had been completed, the problem kept occurring immediately afterwards that no settings at all could be made in Avast (despite following the instructions).

Even worse: instead of being able to continue with Avast as specified, the computer froze completely every time! Several times (6-8 times) in a row, and each time in such a way that nothing worked any more at all!

Each time, the only remaining option was to switch the computer off by pressing the power button and restart it: but here too, each time with the result that it froze again immediately after the restart and made it impossible to continue working.

Result: in any case, it was NOT possible AT ALL to work or get anything done with the computer today. That is to say: since the computer responded by freezing on every single attempt after Avast was installed and nothing worked at all any more, the further troubleshooting steps could not be carried out from then on either.

In the meantime there was (under difficult conditions) also an attempt at a system restore, but this too was aborted without success after several hours.

The computer has only been running halfway normally again since, with great difficulty & on the very last attempt, Avast could be uninstalled again for the time being!

It will surely not surprise you when I say that I am very curious what you will say about this!

With that, kind regards for now

12.03.2013, 15:33   #24
ryder
/// TB trainer

Hm, something must be pretty bent out of shape on your system. Really odd behaviour you are describing there.

I would like to check one thing.


Step 1: (Reminder: reply to me only once you have worked through all the steps!)
Scan with Farbar's Service Scanner

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure that the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.
Please post the contents here.

Step 2:
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

13.03.2013, 10:11   #25
Frankee111
 

Strange - that hits the nail on the head 1,000%! And it is annoying too! Among other things because the computer is otherwise also doing strange things - apart from this tracker.tradedoubler thing (which, by the way, has not recurred since Saturday, apparently since it was detected by Avira and moved to quarantine)!

For example, it is currently tremendously slow and also likes to just freeze!

As for your new instructions (by the way, with Avast it really was the case that the computer froze with it several times from the very first second and accepted no more commands), so, as for your new instructions:

They will of course be carried out! However, this time I really have to ask for a bit more time (at least until after the weekend)!

Because of appointments that we both (my flatmate & I) have, neither of us will find the time to deal with it before the weekend!

The only good thing about it: the computer stays off for that long too!

Asking for your understanding, and until Monday at the very latest.

Kind regards!

13.03.2013, 12:03   #26
ryder
/// TB Trainer
 

No problem at all.
__________________
Digital privateers against malware!
No help via PM!

16.03.2013, 16:29   #27
Frankee111
 

So, yesterday the time had finally come! Yesterday morning my computer (right after booting) suddenly refused to do anything at all!

It could still just barely be booted, but after that it was over; after that it did not accept a single command!

Only after a restart (one of at least 25 yesterday) in safe mode with networking (whatever that may mean) was it possible to give it a few commands.

Using that, we then tried, among other things, to set the system to restore.

However, that too went so fast that in the meantime you could have celebrated Christmas, Easter and a birthday three times over. And above all with the result that, after umpteen hours, it eventually told us that the System Restore attempt had failed due to an unspecified error.

All this even though in the days before (still on Friday too) it had actually been running quite decently again. You could say better than it had in ages, and this d.....tracker.tradedoubler, which had actually really set the problems off in the first place, had not appeared for over a week before that.

Conclusion: At some point yesterday the only way out left to us was the last resort, i.e. wiping the computer completely (with numerous painful losses) and reinstalling Windows from scratch.

Since then it has been running again (more or less) and at the moment only the most necessary programs are on it, but somehow it gives me the impression (if that can even still be the case) that it still has some bl.... problem!

In any case, it seems to me that despite the measures taken it is still tremendously slow.

And now????? I'm curious what you will say about this!

For now, kind regards from HH

16.03.2013, 17:55   #28
ryder
/// TB Trainer
 

By now I no longer believe that this is a malware problem, if it still does not behave properly even after a reinstallation.

Reading material:
How things continue from here:
We have now cleaned your computer. But since your problem has not been solved this way, I would like to pass you on to our colleagues.
  • Please open a new topic in this subforum: Alles rund um Windows
  • Describe your remaining problem as precisely as possible.
  • Tell the helper there that we have already checked your computer for malware, ideally including a link to this topic here.
If you have no further questions, the topic would be closed for me at this point.
__________________
Digital privateers against malware!
No help via PM!

19.03.2013, 19:43   #29
Frankee111
 

Yes, either I'll try that as well or I'll soon just throw the crap against the nearest wall! In my view, technology is made to serve people and not the other way round!

Thanks a million for all the support anyway!
