Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Avazutracking virus

Avazutracking virus


Plagegeister aller Art und deren Bekämpfung: Avazutracking virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 03.03.2013, 16:24   #1
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Hallo,

als ich vorhin am surfen war ging aufeinmal die Seite seth.avazutracking.net auf.
Vor 2-3 tagen hatte ich bei der installation von Winamp einen misteriösen schwarzen Kasten (rote schrift) an der oberen Bildschirmkante, wo irdenwas stand mit linksklick bestätigen.

Hier die OTL und GMER Ergebnise:

OTL:
Zitat:
OTL logfile created on: 03.03.2013 15:41:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 76,02% Memory free
12,00 Gb Paging File | 10,37 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 338,92 Gb Free Space | 73,85% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 459,36 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.03 15:40:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
PRC - [2013.02.12 16:43:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:42:51 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.12 16:42:50 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 16:42:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.10 14:46:31 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.06.11 12:24:40 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.05.10 13:06:56 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe
PRC - [2010.05.10 13:04:08 | 000,223,744 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
PRC - [2009.08.25 15:56:40 | 000,323,658 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Abyssus\razerofa.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.10 14:46:31 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2010.05.10 13:06:56 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe
MOD - [2010.05.10 13:04:08 | 000,223,744 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009.09.28 08:22:00 | 000,496,128 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc)
SRV - [2013.02.27 17:24:15 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 14:44:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.12 16:43:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:42:51 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.12 16:42:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.13 12:26:38 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.25 09:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.12 13:49:25 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.12 13:49:25 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.11 14:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.06.11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.06.11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.06.11 14:17:44 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.12.21 20:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.30 09:53:50 | 000,010,880 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Abyssus.sys -- (Abyssus)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{81792261-02E6-45D4-BBB0-2BEBC07D43B3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=7ccc3baf-e948-4ad8-85f1-bd1fb54f8e60&apn_sauid=F1603774-FF71-40B3-A26E-6B8D70A2DC39
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: mail%40shopping-preise.de:1.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.05 15:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 14:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.24 09:25:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\mail@shopping-preise.de [2012.10.08 14:45:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\firejump@firejump.net [2012.10.08 14:45:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 14:44:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.24 09:25:46 | 000,000,000 | ---D | M]

[2012.10.01 20:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\Profiles\jhsm0u7i.default\extensions
[2012.10.08 14:45:07 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\firejump@firejump.net
[2012.10.08 14:45:02 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Finn\AppData\Roaming\mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\mail@shopping-preise.de
[2012.10.09 19:26:23 | 000,110,795 | ---- | M] () (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\firefox\profiles\jhsm0u7i.default\extensions\extension@preispilot.com.xpi
[2012.10.12 13:09:48 | 000,000,950 | ---- | M] () -- C:\Users\Finn\AppData\Roaming\mozilla\firefox\profiles\jhsm0u7i.default\searchplugins\icqplugin-1.xml
[2012.10.09 19:24:22 | 000,001,056 | ---- | M] () -- C:\Users\Finn\AppData\Roaming\mozilla\firefox\profiles\jhsm0u7i.default\searchplugins\icqplugin.xml
[2013.02.20 14:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 15:12:01 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2013.02.20 14:44:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Erster Nutzer = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Erster Nutzer = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Erster Nutzer = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07C97313-5EFA-4E53-9BB2-80664554DEDA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.03 15:40:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
[2013.03.03 15:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.03 15:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.03 15:05:47 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.03 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.03 15:04:06 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Local\Programs
[2013.02.28 13:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.20 14:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.15 14:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.02.10 20:22:50 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\TS3Client
[2013.02.10 20:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.10 20:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

========== Files - Modified Within 30 Days ==========

[2013.03.03 15:40:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
[2013.03.03 15:35:33 | 000,000,000 | ---- | M] () -- C:\Users\Finn\defogger_reenable
[2013.03.03 15:32:24 | 000,050,477 | ---- | M] () -- C:\Users\Finn\Desktop\Defogger.exe
[2013.03.03 15:30:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Packard Bell Registration Reminder.job
[2013.03.03 15:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 15:05:52 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Spybot.lnk
[2013.03.03 14:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.02 20:31:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 20:31:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 20:24:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.02 20:22:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 20:22:37 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 14:52:46 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013.02.14 17:36:41 | 000,350,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 16:39:34 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 16:39:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 16:39:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 16:39:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 16:39:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.10 20:22:07 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak3.lnk

========== Files Created - No Company Name ==========

[2013.03.03 15:35:33 | 000,000,000 | ---- | C] () -- C:\Users\Finn\defogger_reenable
[2013.03.03 15:32:23 | 000,050,477 | ---- | C] () -- C:\Users\Finn\Desktop\Defogger.exe
[2013.03.03 15:05:52 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.03 15:05:52 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Spybot.lnk
[2013.02.10 20:22:07 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak3.lnk
[2013.01.20 02:47:31 | 942,397,502 | ---- | C] () -- C:\Users\Finn\Hardcore RELOADEDv3_9_2.rar
[2012.10.08 14:45:02 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009.10.27 19:57:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.22 19:28:13 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Amazon
[2012.10.08 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\DesktopIconForAmazon
[2013.01.05 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\DVDVideoSoft
[2012.10.01 21:17:42 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.11 14:43:13 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\ICQ
[2012.10.01 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\ICQ Search
[2012.12.10 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\LolClient
[2012.11.29 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Nokia
[2012.11.29 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Nokia Suite
[2013.01.05 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\OpenCandy
[2012.11.20 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Opera
[2012.11.29 22:56:39 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\PC Suite
[2013.02.03 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Trillian
[2013.03.03 15:32:43 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\TS3Client

========== Purity Check ==========



< End of report >
Extras:
Zitat:
OTL Extras logfile created on: 03.03.2013 15:41:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Finn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,56 Gb Available Physical Memory | 76,02% Memory free
12,00 Gb Paging File | 10,37 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,95 Gb Total Space | 338,92 Gb Free Space | 73,85% Space Free | Partition Type: NTFS
Drive D: | 459,46 Gb Total Space | 459,36 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0746C93F-C29E-48A2-BF04-8A8DA099B2C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{111E208B-79C8-4B50-8FF6-70AD3A67122D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28803A1C-A177-4868-B7F7-68A35EBD0030}" = rport=137 | protocol=17 | dir=out | app=system |
"{2954EE96-D1B5-4D6D-B4E2-AC6745333FBC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{357B3436-F81A-4A65-9346-F1C332FD28B0}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C9DA826-768B-4990-BBD4-166C97C1ADFD}" = lport=139 | protocol=6 | dir=in | app=system |
"{42A154CF-AEC9-4C53-A218-E8CEA50900F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57682AE7-8AAB-4E20-B240-6D984FB566E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F6DD3BB-DCD5-4622-940C-038EE3194BD5}" = rport=139 | protocol=6 | dir=out | app=system |
"{61C5D65D-D8F6-4662-B609-D9FE9160CE30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68792EC9-5C05-448F-ABAD-4547076091D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{69888542-39EA-4D94-9AC0-8430B5FC784A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B8D925F-858E-4390-99C2-1E7ABC517A07}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7388861B-DF54-4554-8097-80B95C264CE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818F7D6A-8A2D-4F3D-B8C1-8CE267AFDE29}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{827CC85D-E6EC-42E7-BE47-ECF07CCED9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C4F85C4-A1A2-4B4B-B1CF-0A1D711D1EEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96BA603C-FA22-496A-8170-F4F5EDD73B0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A4025185-F7DA-48E6-BFF9-0C4CD39E5277}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A6B77D35-798A-4DF2-8D50-484D9AC2C22C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6360C25-F305-47E5-96EA-9F7E2783F392}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7D6DF4B-6756-4441-9488-0A4712B4025B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8889A15-9646-474D-BDD1-596B46E5B1CC}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C28822-E8EC-4928-92E9-9198FAA6F54D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{077E5E55-FC91-48F4-B76D-C91D4150BCBC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{07E329B1-B741-4BF4-ACCE-02C2C7EBAFD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0FCAD227-6A75-4611-808F-B3E844B3BA98}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{106B054E-143C-4AAD-A893-3FE42E824E55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{10B8160D-0E1B-47DF-B754-7582AE324186}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{15CC0A8A-12A6-40B9-9342-B81B7EE281AD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17719E3F-5AC6-4AEE-A694-4D3E06037E1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{18C68327-3579-4552-A654-E513E86DDCBE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C0ACE1B-DBAE-47BE-91D7-04E763CA7B04}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C3E3575-81C5-4F77-A654-9B3F33C284DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2DDAA272-F6C7-41EE-87A6-DD9A15532878}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{342E1C7D-9646-4A55-871A-D44377EE10BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35C1B844-61A5-4449-B63D-ADFDFCFC7C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3FDC106D-4221-4248-AF9E-59EA5F2C8F3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{488D1335-89AF-4B08-87B2-473F138D9894}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4AA5CD33-80C3-4392-B618-FE48B19B96CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D673A10-13B1-4D31-8330-A8FE06F14B26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{505E0227-C684-499F-AD46-63D5AF07D924}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{524AFF95-2FD1-4B68-A66D-81924055D1A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53CF3AAB-3C9E-4C25-96CB-6DD7B4CE7E32}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{634C5963-7F61-4841-9035-885803A9A69A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{66FBE6DE-859B-4A72-9975-E7EFF9C823ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{691AA540-6A91-4A98-94AC-0C403AD7570E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A722DFC-BEB4-440D-860C-E44BD6FA6F1E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6AB1BB53-77F0-46BC-84E3-48C440A5B1D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71AE19B9-4CCE-418F-8346-E18D18111CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{730F8DD4-2163-4881-9C77-512012F9F1A9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7999FEFD-F4C3-4971-AA4C-8C2A76DF90C9}" = protocol=6 | dir=out | app=system |
"{79B6C9E6-CBBD-447F-B5AB-58D6FC2009D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7D3AB260-296C-4906-9F37-C66825580970}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{80F879F5-BAF8-4C1D-9A88-B90BA7BB956A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{93D57C43-75F7-4F02-ABAD-B9C36FD63CDB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{98672C1A-208D-42B5-BC01-69C112AFE883}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A25DF2B7-F47E-4D52-A5FB-B167150A48FC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A4657489-1063-420C-BD3D-A6004E93F66D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAF18822-A753-41B4-B0EE-AD58F821373C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{AB58E84B-7210-40AD-8DB0-97D1467F72ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B19B4F8A-9546-4A9E-A502-28720AD24094}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{C588C82A-684F-4BB7-8E5D-B0501991A4F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBEB598B-184D-40E7-B7A4-FB40AFB08B01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DCAF1A19-2C41-4ACD-B712-85E771DD34D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{DDDF758A-6D15-4A4C-B21F-530FCF63D2E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E04328EC-2482-4A44-9298-5116A8ABB390}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E24FE3C4-BB6A-4303-A207-E895788A4282}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{F0AD6FD5-DC62-4223-B15A-4CA2300932E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F0D6CB38-D01C-43AD-A2BE-A5A4519F6AAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC3C400E-0B6C-4F25-AB8B-73A0CCB470CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FCD60B8A-F0FD-482E-9FC3-AE7E2A0E21D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1314B47C-2AC7-419C-8CB0-743F54863FC3}C:\users\finn\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\finn\hardcore-reloaded\metin2client.bin |
"TCP Query User{6F44A64D-F9FB-4D9D-A3F8-FAC04AE01085}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{774F517D-11F5-4EBC-B702-54819392FC13}C:\users\finn\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\finn\hardcore-reloaded\.hardcore reloaded.exe |
"TCP Query User{AD30EB14-3702-4DB9-8A10-AA7339F7C487}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{B0F33321-C7F9-44A1-94B4-10D423649E3C}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"UDP Query User{2527E6FD-EA87-447A-8710-DD4E26F01D91}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe |
"UDP Query User{2A22E918-99C1-4E1F-BE73-9E8218B6392B}C:\users\finn\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\finn\hardcore-reloaded\metin2client.bin |
"UDP Query User{35B7CE06-B8A7-4211-BA81-AFB4CCBBE098}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{8A37901E-48FD-40EC-A47E-C1E6A272B6EB}C:\users\finn\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\finn\hardcore-reloaded\.hardcore reloaded.exe |
"UDP Query User{B5C54E12-F34F-47B2-A48C-86E9D89987E9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{307C4A74-AB2D-3213-ABBC-EC4DE77BEFE6}" = ATI Catalyst Install Manager
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{210aad36-b5a4-48e1-b724-38d430732d6f}" = Nero 9 Essentials
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.9
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 12.11.1661" = Opera 12.11
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"Steam App 730" = Counter-Strike: Global Offensive
"Trillian" = Trillian
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.02.2013 07:45:41 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.02.2013 05:59:30 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 12.02.2013 06:00:22 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 12.02.2013 06:00:39 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.02.2013 06:00:40 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.02.2013 06:00:40 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.02.2013 06:00:40 | Computer Name = Finn-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.02.2013 20:30:48 | Computer Name = Finn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Diablo III.exe, Version: 1.0.6.13644,
Zeitstempel: 0x50bd66b3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222b2 ID des fehlerhaften
Prozesses: 0x12ac Startzeit der fehlerhaften Anwendung: 0x01ce09086a75dc87 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Diablo III\Diablo III.exe Pfad des
fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 9c5f9d70-7574-11e2-af04-90fba64be354

Error - 14.02.2013 22:01:03 | Computer Name = Finn-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 14.02.2013 22:01:04 | Computer Name = Finn-PC | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 26.02.2013 08:42:47 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 26.02.2013 08:42:47 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 27.02.2013 08:40:34 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.02.2013 08:40:34 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 27.02.2013 14:00:49 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 27.02.2013 14:00:49 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 27.02.2013 14:02:49 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.02.2013 14:02:49 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 28.02.2013 08:45:53 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 28.02.2013 08:45:53 | Computer Name = Finn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069


< End of report >
Gmer:
Zitat:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-03 16:05:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-22M2B0 rev.01.00A01 931,51GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Finn\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[164] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000758987b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[10712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a71465 2 bytes [A7, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[10712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a714bb 2 bytes [A7, 75]
.text ... * 2

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Danke schonmal

Gruß Finn

Alt 03.03.2013, 18:13   #2
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________

__________________
Alt 03.03.2013, 18:52   #3
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Habe die schritte wie angewiesen durchgeführt.

Hier der OTL eitrag:
Zitat:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Finn
->Temp folder emptied: 23595 bytes
->Temporary Internet Files folder emptied: 2325721 bytes
->Java cache emptied: 7489466 bytes
->FireFox cache emptied: 435966507 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4397 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46427401 bytes
RecycleBin emptied: 1511 bytes

Total Files Cleaned = 469,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03032013_184232
als ich gerade eben die antwort posten wollte hatte ich ein Bluescreen mit fehlermelden direkt nanach neustart. Auf meinen desktop sind jetzt 2 datein "desktop.ini" (versteckt angezeigt)

Gruß Finn
__________________
Alt 03.03.2013, 19:41   #4
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


Hi
die beiden inis löschen.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 19:53   #5
Avog
 
Avazutracking virus - Standard

Avazutracking virus


tdsskiller:
Zitat:
19:51:48.0752 3716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:51:48.0924 3716 ============================================================
19:51:48.0924 3716 Current date / time: 2013/03/03 19:51:48.0924
19:51:48.0924 3716 SystemInfo:
19:51:48.0924 3716
19:51:48.0924 3716 OS Version: 6.1.7601 ServicePack: 1.0
19:51:48.0924 3716 Product type: Workstation
19:51:48.0924 3716 ComputerName: FINN-PC
19:51:48.0924 3716 UserName: Finn
19:51:48.0924 3716 Windows directory: C:\Windows
19:51:48.0924 3716 System windows directory: C:\Windows
19:51:48.0924 3716 Running under WOW64
19:51:48.0924 3716 Processor architecture: Intel x64
19:51:48.0924 3716 Number of processors: 4
19:51:48.0924 3716 Page size: 0x1000
19:51:48.0924 3716 Boot type: Normal boot
19:51:48.0924 3716 ============================================================
19:51:49.0829 3716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:49.0860 3716 ============================================================
19:51:49.0860 3716 \Device\Harddisk0\DR0:
19:51:49.0860 3716 MBR partitions:
19:51:49.0860 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
19:51:49.0860 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x395E7000
19:51:49.0860 3716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B019800, BlocksNum 0x396EC800
19:51:49.0860 3716 ============================================================
19:51:49.0891 3716 C: <-> \Device\Harddisk0\DR0\Partition2
19:51:49.0938 3716 D: <-> \Device\Harddisk0\DR0\Partition3
19:51:49.0938 3716 ============================================================
19:51:49.0938 3716 Initialize success
19:51:49.0938 3716 ============================================================
19:51:55.0523 2636 ============================================================
19:51:55.0523 2636 Scan started
19:51:55.0523 2636 Mode: Manual; SigCheck; TDLFS;
19:51:55.0523 2636 ============================================================
19:51:56.0084 2636 ================ Scan system memory ========================
19:51:56.0084 2636 System memory - ok
19:51:56.0084 2636 ================ Scan services =============================
19:51:56.0225 2636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:51:56.0271 2636 1394ohci - ok
19:51:56.0287 2636 [ CDF91E688D456B9702B2EA72C85F840C ] Abyssus C:\Windows\system32\drivers\Abyssus.sys
19:51:56.0303 2636 Abyssus - ok
19:51:56.0318 2636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:51:56.0334 2636 ACPI - ok
19:51:56.0349 2636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:51:56.0365 2636 AcpiPmi - ok
19:51:56.0459 2636 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:51:56.0474 2636 AdobeFlashPlayerUpdateSvc - ok
19:51:56.0521 2636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:51:56.0537 2636 adp94xx - ok
19:51:56.0552 2636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:51:56.0568 2636 adpahci - ok
19:51:56.0568 2636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:51:56.0583 2636 adpu320 - ok
19:51:56.0599 2636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:51:56.0646 2636 AeLookupSvc - ok
19:51:56.0693 2636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:51:56.0708 2636 AFD - ok
19:51:56.0724 2636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:51:56.0739 2636 agp440 - ok
19:51:56.0755 2636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:51:56.0771 2636 ALG - ok
19:51:56.0786 2636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:51:56.0802 2636 aliide - ok
19:51:56.0817 2636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:51:56.0817 2636 amdide - ok
19:51:56.0849 2636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:51:56.0849 2636 AmdK8 - ok
19:51:56.0864 2636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:51:56.0880 2636 AmdPPM - ok
19:51:56.0911 2636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:51:56.0927 2636 amdsata - ok
19:51:56.0942 2636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:51:56.0958 2636 amdsbs - ok
19:51:56.0973 2636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:51:56.0973 2636 amdxata - ok
19:51:57.0051 2636 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:51:57.0051 2636 AntiVirSchedulerService - ok
19:51:57.0098 2636 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:51:57.0098 2636 AntiVirService - ok
19:51:57.0114 2636 [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:51:57.0145 2636 AntiVirWebService - ok
19:51:57.0161 2636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:51:57.0192 2636 AppID - ok
19:51:57.0223 2636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:51:57.0254 2636 AppIDSvc - ok
19:51:57.0285 2636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:51:57.0317 2636 Appinfo - ok
19:51:57.0348 2636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:51:57.0363 2636 arc - ok
19:51:57.0379 2636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:51:57.0379 2636 arcsas - ok
19:51:57.0426 2636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:57.0457 2636 AsyncMac - ok
19:51:57.0473 2636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:51:57.0488 2636 atapi - ok
19:51:57.0707 2636 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
19:51:57.0769 2636 atikmdag - ok
19:51:57.0800 2636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:51:57.0847 2636 AudioEndpointBuilder - ok
19:51:57.0863 2636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:51:57.0894 2636 AudioSrv - ok
19:51:57.0909 2636 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:51:57.0925 2636 avgntflt - ok
19:51:57.0956 2636 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:51:57.0972 2636 avipbb - ok
19:51:57.0987 2636 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:51:58.0003 2636 avkmgr - ok
19:51:58.0050 2636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:51:58.0065 2636 AxInstSV - ok
19:51:58.0097 2636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:51:58.0112 2636 b06bdrv - ok
19:51:58.0159 2636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:51:58.0175 2636 b57nd60a - ok
19:51:58.0206 2636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:51:58.0221 2636 BDESVC - ok
19:51:58.0253 2636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:51:58.0284 2636 Beep - ok
19:51:58.0331 2636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:51:58.0377 2636 BFE - ok
19:51:58.0409 2636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:51:58.0440 2636 BITS - ok
19:51:58.0455 2636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:51:58.0471 2636 blbdrive - ok
19:51:58.0502 2636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:51:58.0502 2636 bowser - ok
19:51:58.0518 2636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:51:58.0533 2636 BrFiltLo - ok
19:51:58.0549 2636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:51:58.0565 2636 BrFiltUp - ok
19:51:58.0580 2636 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:51:58.0596 2636 Browser - ok
19:51:58.0611 2636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:51:58.0627 2636 Brserid - ok
19:51:58.0627 2636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:51:58.0643 2636 BrSerWdm - ok
19:51:58.0658 2636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:51:58.0674 2636 BrUsbMdm - ok
19:51:58.0689 2636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:51:58.0705 2636 BrUsbSer - ok
19:51:58.0705 2636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:51:58.0721 2636 BTHMODEM - ok
19:51:58.0752 2636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:51:58.0783 2636 bthserv - ok
19:51:58.0799 2636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:51:58.0830 2636 cdfs - ok
19:51:58.0861 2636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:51:58.0877 2636 cdrom - ok
19:51:58.0923 2636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:51:58.0955 2636 CertPropSvc - ok
19:51:58.0986 2636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:51:59.0001 2636 circlass - ok
19:51:59.0017 2636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:51:59.0033 2636 CLFS - ok
19:51:59.0111 2636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:51:59.0126 2636 clr_optimization_v2.0.50727_32 - ok
19:51:59.0189 2636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:51:59.0204 2636 clr_optimization_v2.0.50727_64 - ok
19:51:59.0267 2636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:51:59.0282 2636 clr_optimization_v4.0.30319_32 - ok
19:51:59.0313 2636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:51:59.0329 2636 clr_optimization_v4.0.30319_64 - ok
19:51:59.0360 2636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:51:59.0360 2636 CmBatt - ok
19:51:59.0391 2636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:51:59.0391 2636 cmdide - ok
19:51:59.0423 2636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:51:59.0454 2636 CNG - ok
19:51:59.0469 2636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:51:59.0485 2636 Compbatt - ok
19:51:59.0516 2636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:51:59.0532 2636 CompositeBus - ok
19:51:59.0547 2636 COMSysApp - ok
19:51:59.0563 2636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:51:59.0579 2636 crcdisk - ok
19:51:59.0610 2636 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:51:59.0625 2636 CryptSvc - ok
19:51:59.0657 2636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:51:59.0688 2636 DcomLaunch - ok
19:51:59.0719 2636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:51:59.0766 2636 defragsvc - ok
19:51:59.0781 2636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:51:59.0813 2636 DfsC - ok
19:51:59.0828 2636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:51:59.0844 2636 Dhcp - ok
19:51:59.0844 2636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:51:59.0875 2636 discache - ok
19:51:59.0906 2636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:51:59.0906 2636 Disk - ok
19:51:59.0953 2636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:51:59.0969 2636 Dnscache - ok
19:52:00.0000 2636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:52:00.0031 2636 dot3svc - ok
19:52:00.0062 2636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:52:00.0093 2636 DPS - ok
19:52:00.0125 2636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:52:00.0125 2636 drmkaud - ok
19:52:00.0171 2636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:52:00.0187 2636 DXGKrnl - ok
19:52:00.0203 2636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:52:00.0234 2636 EapHost - ok
19:52:00.0296 2636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:52:00.0343 2636 ebdrv - ok
19:52:00.0374 2636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:52:00.0390 2636 EFS - ok
19:52:00.0452 2636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:52:00.0468 2636 ehRecvr - ok
19:52:00.0483 2636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:52:00.0483 2636 ehSched - ok
19:52:00.0515 2636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:52:00.0530 2636 elxstor - ok
19:52:00.0561 2636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:52:00.0577 2636 ErrDev - ok
19:52:00.0608 2636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:52:00.0655 2636 EventSystem - ok
19:52:00.0655 2636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:52:00.0702 2636 exfat - ok
19:52:00.0717 2636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:52:00.0749 2636 fastfat - ok
19:52:00.0780 2636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:52:00.0795 2636 Fax - ok
19:52:00.0811 2636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:52:00.0827 2636 fdc - ok
19:52:00.0842 2636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:52:00.0873 2636 fdPHost - ok
19:52:00.0873 2636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:52:00.0905 2636 FDResPub - ok
19:52:00.0920 2636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:52:00.0936 2636 FileInfo - ok
19:52:00.0936 2636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:52:00.0967 2636 Filetrace - ok
19:52:00.0983 2636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:52:00.0998 2636 flpydisk - ok
19:52:01.0014 2636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:52:01.0029 2636 FltMgr - ok
19:52:01.0076 2636 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:52:01.0107 2636 FontCache - ok
19:52:01.0154 2636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:52:01.0154 2636 FontCache3.0.0.0 - ok
19:52:01.0154 2636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:52:01.0170 2636 FsDepends - ok
19:52:01.0201 2636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:52:01.0201 2636 Fs_Rec - ok
19:52:01.0248 2636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:52:01.0263 2636 fvevol - ok
19:52:01.0279 2636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:52:01.0279 2636 gagp30kx - ok
19:52:01.0310 2636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:52:01.0341 2636 gpsvc - ok
19:52:01.0388 2636 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:01.0404 2636 gupdate - ok
19:52:01.0404 2636 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:01.0419 2636 gupdatem - ok
19:52:01.0435 2636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:52:01.0451 2636 hcw85cir - ok
19:52:01.0482 2636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:52:01.0497 2636 HdAudAddService - ok
19:52:01.0513 2636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:52:01.0529 2636 HDAudBus - ok
19:52:01.0544 2636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:52:01.0560 2636 HidBatt - ok
19:52:01.0560 2636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:52:01.0575 2636 HidBth - ok
19:52:01.0591 2636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:52:01.0607 2636 HidIr - ok
19:52:01.0622 2636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:52:01.0653 2636 hidserv - ok
19:52:01.0700 2636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:52:01.0700 2636 HidUsb - ok
19:52:01.0716 2636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:52:01.0747 2636 hkmsvc - ok
19:52:01.0763 2636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:52:01.0778 2636 HomeGroupListener - ok
19:52:01.0794 2636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:52:01.0809 2636 HomeGroupProvider - ok
19:52:01.0825 2636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:52:01.0825 2636 HpSAMD - ok
19:52:01.0887 2636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:52:01.0919 2636 HTTP - ok
19:52:01.0919 2636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:52:01.0934 2636 hwpolicy - ok
19:52:01.0950 2636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:52:01.0965 2636 i8042prt - ok
19:52:01.0997 2636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:52:02.0012 2636 iaStorV - ok
19:52:02.0043 2636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:52:02.0059 2636 idsvc - ok
19:52:02.0090 2636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:52:02.0106 2636 iirsp - ok
19:52:02.0137 2636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:52:02.0184 2636 IKEEXT - ok
19:52:02.0215 2636 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:52:02.0246 2636 IntcAzAudAddService - ok
19:52:02.0262 2636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:52:02.0277 2636 intelide - ok
19:52:02.0293 2636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:52:02.0309 2636 intelppm - ok
19:52:02.0340 2636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:52:02.0371 2636 IPBusEnum - ok
19:52:02.0387 2636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:02.0418 2636 IpFilterDriver - ok
19:52:02.0449 2636 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:52:02.0465 2636 iphlpsvc - ok
19:52:02.0480 2636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:52:02.0496 2636 IPMIDRV - ok
19:52:02.0511 2636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:52:02.0543 2636 IPNAT - ok
19:52:02.0558 2636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:52:02.0574 2636 IRENUM - ok
19:52:02.0589 2636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:52:02.0589 2636 isapnp - ok
19:52:02.0621 2636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:52:02.0636 2636 iScsiPrt - ok
19:52:02.0683 2636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:52:02.0699 2636 kbdclass - ok
19:52:02.0730 2636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:52:02.0730 2636 kbdhid - ok
19:52:02.0745 2636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:52:02.0761 2636 KeyIso - ok
19:52:02.0792 2636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:52:02.0808 2636 KSecDD - ok
19:52:02.0823 2636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:52:02.0823 2636 KSecPkg - ok
19:52:02.0839 2636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:52:02.0870 2636 ksthunk - ok
19:52:02.0901 2636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:52:02.0933 2636 KtmRm - ok
19:52:02.0964 2636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:52:02.0995 2636 LanmanServer - ok
19:52:03.0026 2636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:52:03.0057 2636 LanmanWorkstation - ok
19:52:03.0073 2636 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
19:52:03.0089 2636 LGBusEnum - ok
19:52:03.0104 2636 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
19:52:03.0120 2636 LGVirHid - ok
19:52:03.0120 2636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:52:03.0151 2636 lltdio - ok
19:52:03.0182 2636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:52:03.0229 2636 lltdsvc - ok
19:52:03.0245 2636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:52:03.0276 2636 lmhosts - ok
19:52:03.0291 2636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:52:03.0307 2636 LSI_FC - ok
19:52:03.0323 2636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:52:03.0338 2636 LSI_SAS - ok
19:52:03.0354 2636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:52:03.0369 2636 LSI_SAS2 - ok
19:52:03.0385 2636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:52:03.0401 2636 LSI_SCSI - ok
19:52:03.0401 2636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:52:03.0432 2636 luafv - ok
19:52:03.0479 2636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:52:03.0479 2636 Mcx2Svc - ok
19:52:03.0494 2636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:52:03.0510 2636 megasas - ok
19:52:03.0525 2636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:52:03.0541 2636 MegaSR - ok
19:52:03.0557 2636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:52:03.0588 2636 MMCSS - ok
19:52:03.0603 2636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:52:03.0635 2636 Modem - ok
19:52:03.0666 2636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:52:03.0681 2636 monitor - ok
19:52:03.0728 2636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:52:03.0728 2636 mouclass - ok
19:52:03.0744 2636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:52:03.0759 2636 mouhid - ok
19:52:03.0791 2636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:52:03.0806 2636 mountmgr - ok
19:52:03.0837 2636 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:52:03.0853 2636 MozillaMaintenance - ok
19:52:03.0869 2636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:52:03.0884 2636 mpio - ok
19:52:03.0884 2636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:52:03.0915 2636 mpsdrv - ok
19:52:03.0947 2636 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:52:03.0978 2636 MpsSvc - ok
19:52:04.0009 2636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:52:04.0025 2636 MRxDAV - ok
19:52:04.0040 2636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:04.0056 2636 mrxsmb - ok
19:52:04.0071 2636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:04.0087 2636 mrxsmb10 - ok
19:52:04.0118 2636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:04.0134 2636 mrxsmb20 - ok
19:52:04.0149 2636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:52:04.0165 2636 msahci - ok
19:52:04.0181 2636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:52:04.0196 2636 msdsm - ok
19:52:04.0212 2636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:52:04.0227 2636 MSDTC - ok
19:52:04.0243 2636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:52:04.0274 2636 Msfs - ok
19:52:04.0305 2636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:52:04.0337 2636 mshidkmdf - ok
19:52:04.0368 2636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:52:04.0383 2636 msisadrv - ok
19:52:04.0430 2636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:52:04.0461 2636 MSiSCSI - ok
19:52:04.0461 2636 msiserver - ok
19:52:04.0524 2636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:52:04.0555 2636 MSKSSRV - ok
19:52:04.0571 2636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:04.0602 2636 MSPCLOCK - ok
19:52:04.0617 2636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:52:04.0649 2636 MSPQM - ok
19:52:04.0680 2636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:52:04.0695 2636 MsRPC - ok
19:52:04.0711 2636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:52:04.0727 2636 mssmbios - ok
19:52:04.0742 2636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:52:04.0773 2636 MSTEE - ok
19:52:04.0789 2636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:52:04.0805 2636 MTConfig - ok
19:52:04.0820 2636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:52:04.0836 2636 Mup - ok
19:52:04.0851 2636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:52:04.0883 2636 napagent - ok
19:52:04.0914 2636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:52:04.0929 2636 NativeWifiP - ok
19:52:04.0961 2636 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:52:04.0992 2636 NDIS - ok
19:52:05.0007 2636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:05.0039 2636 NdisCap - ok
19:52:05.0054 2636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:05.0085 2636 NdisTapi - ok
19:52:05.0148 2636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:05.0179 2636 Ndisuio - ok
19:52:05.0210 2636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:05.0241 2636 NdisWan - ok
19:52:05.0241 2636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:52:05.0273 2636 NDProxy - ok
19:52:05.0382 2636 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:52:05.0397 2636 Nero BackItUp Scheduler 4.0 - ok
19:52:05.0413 2636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:52:05.0444 2636 NetBIOS - ok
19:52:05.0491 2636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:52:05.0522 2636 NetBT - ok
19:52:05.0538 2636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:52:05.0538 2636 Netlogon - ok
19:52:05.0585 2636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:52:05.0631 2636 Netman - ok
19:52:05.0647 2636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:52:05.0678 2636 netprofm - ok
19:52:05.0709 2636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:52:05.0725 2636 NetTcpPortSharing - ok
19:52:05.0741 2636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:52:05.0756 2636 nfrd960 - ok
19:52:05.0772 2636 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:52:05.0787 2636 NlaSvc - ok
19:52:05.0834 2636 [ 4903177FC90E77ABEB19021451E9475E ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
19:52:05.0850 2636 nmwcd - ok
19:52:05.0881 2636 [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
19:52:05.0912 2636 nmwcdc - ok
19:52:05.0928 2636 [ F59F8CF59F7905622686637177E2A828 ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
19:52:05.0959 2636 nmwcdnsucx64 - ok
19:52:05.0975 2636 [ A0E7F80157AF77B1CEAA8ADD3A3E7D85 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
19:52:06.0006 2636 nmwcdnsux64 - ok
19:52:06.0021 2636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:52:06.0053 2636 Npfs - ok
19:52:06.0084 2636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:52:06.0115 2636 nsi - ok
19:52:06.0131 2636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:52:06.0162 2636 nsiproxy - ok
19:52:06.0209 2636 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:52:06.0240 2636 Ntfs - ok
19:52:06.0255 2636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:52:06.0287 2636 Null - ok
19:52:06.0318 2636 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:52:06.0333 2636 NVHDA - ok
19:52:06.0536 2636 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:06.0692 2636 nvlddmkm - ok
19:52:06.0723 2636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:52:06.0739 2636 nvraid - ok
19:52:06.0755 2636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:52:06.0770 2636 nvstor - ok
19:52:06.0801 2636 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:52:06.0817 2636 nvsvc - ok
19:52:06.0879 2636 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:52:06.0911 2636 nvUpdatusService - ok
19:52:06.0926 2636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:52:06.0942 2636 nv_agp - ok
19:52:07.0020 2636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:52:07.0020 2636 odserv - ok
19:52:07.0051 2636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:52:07.0051 2636 ohci1394 - ok
19:52:07.0082 2636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:52:07.0098 2636 ose - ok
19:52:07.0113 2636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:52:07.0129 2636 p2pimsvc - ok
19:52:07.0160 2636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:52:07.0176 2636 p2psvc - ok
19:52:07.0207 2636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:52:07.0223 2636 Parport - ok
19:52:07.0254 2636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:52:07.0254 2636 partmgr - ok
19:52:07.0269 2636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:52:07.0285 2636 PcaSvc - ok
19:52:07.0347 2636 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:52:07.0347 2636 pccsmcfd - ok
19:52:07.0363 2636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:52:07.0379 2636 pci - ok
19:52:07.0410 2636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:52:07.0410 2636 pciide - ok
19:52:07.0441 2636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:52:07.0457 2636 pcmcia - ok
19:52:07.0457 2636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:52:07.0472 2636 pcw - ok
19:52:07.0503 2636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:52:07.0535 2636 PEAUTH - ok
19:52:07.0613 2636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:52:07.0628 2636 PerfHost - ok
19:52:07.0675 2636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:52:07.0722 2636 pla - ok
19:52:07.0784 2636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:52:07.0800 2636 PlugPlay - ok
19:52:07.0847 2636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:52:07.0847 2636 PNRPAutoReg - ok
19:52:07.0893 2636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:52:07.0909 2636 PNRPsvc - ok
19:52:07.0987 2636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:52:08.0018 2636 PolicyAgent - ok
19:52:08.0034 2636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:52:08.0065 2636 Power - ok
19:52:08.0112 2636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:52:08.0143 2636 PptpMiniport - ok
19:52:08.0159 2636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:52:08.0159 2636 Processor - ok
19:52:08.0190 2636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:52:08.0205 2636 ProfSvc - ok
19:52:08.0221 2636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:52:08.0237 2636 ProtectedStorage - ok
19:52:08.0268 2636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:52:08.0299 2636 Psched - ok
19:52:08.0346 2636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:52:08.0377 2636 ql2300 - ok
19:52:08.0393 2636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:52:08.0408 2636 ql40xx - ok
19:52:08.0424 2636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:52:08.0439 2636 QWAVE - ok
19:52:08.0455 2636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:52:08.0471 2636 QWAVEdrv - ok
19:52:08.0486 2636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:52:08.0517 2636 RasAcd - ok
19:52:08.0549 2636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:08.0580 2636 RasAgileVpn - ok
19:52:08.0595 2636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:52:08.0627 2636 RasAuto - ok
19:52:08.0642 2636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:08.0673 2636 Rasl2tp - ok
19:52:08.0705 2636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:52:08.0736 2636 RasMan - ok
19:52:08.0751 2636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:08.0783 2636 RasPppoe - ok
19:52:08.0783 2636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:52:08.0814 2636 RasSstp - ok
19:52:08.0845 2636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:52:08.0876 2636 rdbss - ok
19:52:08.0876 2636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:52:08.0892 2636 rdpbus - ok
19:52:08.0907 2636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:08.0939 2636 RDPCDD - ok
19:52:08.0970 2636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:52:09.0001 2636 RDPENCDD - ok
19:52:09.0001 2636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:52:09.0032 2636 RDPREFMP - ok
19:52:09.0063 2636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:52:09.0079 2636 RDPWD - ok
19:52:09.0110 2636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:52:09.0126 2636 rdyboost - ok
19:52:09.0141 2636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:52:09.0173 2636 RemoteAccess - ok
19:52:09.0219 2636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:52:09.0251 2636 RemoteRegistry - ok
19:52:09.0266 2636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:52:09.0297 2636 RpcEptMapper - ok
19:52:09.0313 2636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:52:09.0329 2636 RpcLocator - ok
19:52:09.0375 2636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:52:09.0407 2636 RpcSs - ok
19:52:09.0422 2636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:52:09.0453 2636 rspndr - ok
19:52:09.0469 2636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:52:09.0469 2636 SamSs - ok
19:52:09.0516 2636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:52:09.0516 2636 sbp2port - ok
19:52:09.0547 2636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:52:09.0578 2636 SCardSvr - ok
19:52:09.0594 2636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:52:09.0625 2636 scfilter - ok
19:52:09.0656 2636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:52:09.0687 2636 Schedule - ok
19:52:09.0719 2636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:52:09.0750 2636 SCPolicySvc - ok
19:52:09.0765 2636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:52:09.0765 2636 SDRSVC - ok
19:52:09.0890 2636 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:52:09.0906 2636 SDScannerService - ok
19:52:09.0984 2636 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:52:09.0999 2636 SDUpdateService - ok
19:52:10.0031 2636 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:52:10.0031 2636 SDWSCService - ok
19:52:10.0062 2636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:52:10.0093 2636 secdrv - ok
19:52:10.0124 2636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:52:10.0140 2636 seclogon - ok
19:52:10.0171 2636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:52:10.0202 2636 SENS - ok
19:52:10.0218 2636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:52:10.0233 2636 SensrSvc - ok
19:52:10.0249 2636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:52:10.0265 2636 Serenum - ok
19:52:10.0280 2636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:52:10.0296 2636 Serial - ok
19:52:10.0311 2636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:52:10.0311 2636 sermouse - ok
19:52:10.0405 2636 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:52:10.0421 2636 ServiceLayer - ok
19:52:10.0452 2636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:52:10.0483 2636 SessionEnv - ok
19:52:10.0514 2636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:52:10.0530 2636 sffdisk - ok
19:52:10.0545 2636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:52:10.0545 2636 sffp_mmc - ok
19:52:10.0561 2636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:52:10.0577 2636 sffp_sd - ok
19:52:10.0577 2636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:52:10.0592 2636 sfloppy - ok
19:52:10.0623 2636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:52:10.0655 2636 SharedAccess - ok
19:52:10.0686 2636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:52:10.0717 2636 ShellHWDetection - ok
19:52:10.0748 2636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:52:10.0748 2636 SiSRaid2 - ok
19:52:10.0764 2636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:52:10.0779 2636 SiSRaid4 - ok
19:52:10.0811 2636 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:52:10.0811 2636 SkypeUpdate - ok
19:52:10.0842 2636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:52:10.0873 2636 Smb - ok
19:52:10.0904 2636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:52:10.0920 2636 SNMPTRAP - ok
19:52:10.0935 2636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:52:10.0935 2636 spldr - ok
19:52:10.0967 2636 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:52:10.0982 2636 Spooler - ok
19:52:11.0060 2636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:52:11.0123 2636 sppsvc - ok
19:52:11.0138 2636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:52:11.0169 2636 sppuinotify - ok
19:52:11.0216 2636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:52:11.0232 2636 srv - ok
19:52:11.0247 2636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:52:11.0263 2636 srv2 - ok
19:52:11.0263 2636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:52:11.0279 2636 srvnet - ok
19:52:11.0310 2636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:52:11.0341 2636 SSDPSRV - ok
19:52:11.0357 2636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:52:11.0388 2636 SstpSvc - ok
19:52:11.0403 2636 Steam Client Service - ok
19:52:11.0450 2636 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:52:11.0466 2636 Stereo Service - ok
19:52:11.0497 2636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:52:11.0513 2636 stexstor - ok
19:52:11.0528 2636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:52:11.0559 2636 stisvc - ok
19:52:11.0591 2636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:52:11.0591 2636 swenum - ok
19:52:11.0606 2636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:52:11.0653 2636 swprv - ok
19:52:11.0715 2636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:52:11.0747 2636 SysMain - ok
19:52:11.0762 2636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:52:11.0778 2636 TabletInputService - ok
19:52:11.0793 2636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:52:11.0825 2636 TapiSrv - ok
19:52:11.0840 2636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:52:11.0871 2636 TBS - ok
19:52:11.0934 2636 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:52:11.0965 2636 Tcpip - ok
19:52:12.0012 2636 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:52:12.0043 2636 TCPIP6 - ok
19:52:12.0074 2636 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:52:12.0074 2636 tcpipreg - ok
19:52:12.0137 2636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:52:12.0137 2636 TDPIPE - ok
19:52:12.0152 2636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:52:12.0168 2636 TDTCP - ok
19:52:12.0183 2636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:52:12.0215 2636 tdx - ok
19:52:12.0230 2636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:52:12.0246 2636 TermDD - ok
19:52:12.0261 2636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:52:12.0308 2636 TermService - ok
19:52:12.0308 2636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:52:12.0324 2636 Themes - ok
19:52:12.0355 2636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:52:12.0386 2636 THREADORDER - ok
19:52:12.0386 2636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:52:12.0417 2636 TrkWks - ok
19:52:12.0480 2636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:52:12.0511 2636 TrustedInstaller - ok
19:52:12.0527 2636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:12.0558 2636 tssecsrv - ok
19:52:12.0589 2636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:52:12.0605 2636 TsUsbFlt - ok
19:52:12.0620 2636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:52:12.0651 2636 tunnel - ok
19:52:12.0683 2636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:52:12.0698 2636 uagp35 - ok
19:52:12.0714 2636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:52:12.0745 2636 udfs - ok
19:52:12.0761 2636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:52:12.0776 2636 UI0Detect - ok
19:52:12.0807 2636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:52:12.0807 2636 uliagpkx - ok
19:52:12.0854 2636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:52:12.0870 2636 umbus - ok
19:52:12.0885 2636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:52:12.0885 2636 UmPass - ok
19:52:12.0963 2636 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
19:52:12.0963 2636 Updater Service - ok
19:52:13.0041 2636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:52:13.0073 2636 upnphost - ok
19:52:13.0119 2636 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:52:13.0151 2636 upperdev - ok
19:52:13.0166 2636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:13.0182 2636 usbccgp - ok
19:52:13.0213 2636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:52:13.0213 2636 usbcir - ok
19:52:13.0229 2636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:52:13.0229 2636 usbehci - ok
19:52:13.0260 2636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:52:13.0275 2636 usbhub - ok
19:52:13.0275 2636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:52:13.0291 2636 usbohci - ok
19:52:13.0307 2636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:52:13.0322 2636 usbprint - ok
19:52:13.0338 2636 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
19:52:13.0353 2636 usbser - ok
19:52:13.0369 2636 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:52:13.0385 2636 UsbserFilt - ok
19:52:13.0400 2636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:13.0416 2636 USBSTOR - ok
19:52:13.0431 2636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:52:13.0447 2636 usbuhci - ok
19:52:13.0463 2636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:52:13.0494 2636 UxSms - ok
19:52:13.0494 2636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:52:13.0509 2636 VaultSvc - ok
19:52:13.0525 2636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:52:13.0541 2636 vdrvroot - ok
19:52:13.0572 2636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:52:13.0603 2636 vds - ok
19:52:13.0619 2636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:13.0634 2636 vga - ok
19:52:13.0634 2636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:52:13.0665 2636 VgaSave - ok
19:52:13.0697 2636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:52:13.0712 2636 vhdmp - ok
19:52:13.0743 2636 [ 1161ACFF728D97F75D74D2F1465F8A46 ] vhidmini C:\Windows\system32\DRIVERS\vHidDev.sys
19:52:13.0743 2636 vhidmini - ok
19:52:13.0759 2636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:52:13.0775 2636 viaide - ok
19:52:13.0775 2636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:52:13.0790 2636 volmgr - ok
19:52:13.0821 2636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:52:13.0837 2636 volmgrx - ok
19:52:13.0853 2636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:52:13.0853 2636 volsnap - ok
19:52:13.0884 2636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:52:13.0899 2636 vsmraid - ok
19:52:13.0946 2636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:52:13.0993 2636 VSS - ok
19:52:14.0009 2636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:52:14.0009 2636 vwifibus - ok
19:52:14.0040 2636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:52:14.0071 2636 W32Time - ok
19:52:14.0102 2636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:52:14.0102 2636 WacomPen - ok
19:52:14.0133 2636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:52:14.0165 2636 WANARP - ok
19:52:14.0165 2636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:52:14.0196 2636 Wanarpv6 - ok
19:52:14.0243 2636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:52:14.0274 2636 wbengine - ok
19:52:14.0289 2636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:52:14.0305 2636 WbioSrvc - ok
19:52:14.0336 2636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:52:14.0352 2636 wcncsvc - ok
19:52:14.0352 2636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:52:14.0367 2636 WcsPlugInService - ok
19:52:14.0383 2636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:52:14.0399 2636 Wd - ok
19:52:14.0430 2636 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:52:14.0461 2636 Wdf01000 - ok
19:52:14.0477 2636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:52:14.0492 2636 WdiServiceHost - ok
19:52:14.0492 2636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:52:14.0508 2636 WdiSystemHost - ok
19:52:14.0539 2636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:52:14.0555 2636 WebClient - ok
19:52:14.0570 2636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:52:14.0601 2636 Wecsvc - ok
19:52:14.0617 2636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:52:14.0648 2636 wercplsupport - ok
19:52:14.0648 2636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:52:14.0679 2636 WerSvc - ok
19:52:14.0711 2636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:52:14.0742 2636 WfpLwf - ok
19:52:14.0742 2636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:52:14.0757 2636 WIMMount - ok
19:52:14.0789 2636 WinDefend - ok
19:52:14.0789 2636 WinHttpAutoProxySvc - ok
19:52:14.0867 2636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:52:14.0898 2636 Winmgmt - ok
19:52:14.0945 2636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:52:15.0007 2636 WinRM - ok
19:52:15.0054 2636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:52:15.0069 2636 Wlansvc - ok
19:52:15.0101 2636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:52:15.0116 2636 WmiAcpi - ok
19:52:15.0132 2636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:52:15.0147 2636 wmiApSrv - ok
19:52:15.0147 2636 WMPNetworkSvc - ok
19:52:15.0163 2636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:52:15.0179 2636 WPCSvc - ok
19:52:15.0210 2636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:52:15.0225 2636 WPDBusEnum - ok
19:52:15.0241 2636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:52:15.0272 2636 ws2ifsl - ok
19:52:15.0288 2636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:52:15.0303 2636 wscsvc - ok
19:52:15.0319 2636 WSearch - ok
19:52:15.0381 2636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:52:15.0413 2636 wuauserv - ok
19:52:15.0444 2636 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:52:15.0459 2636 WudfPf - ok
19:52:15.0475 2636 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:15.0491 2636 WUDFRd - ok
19:52:15.0506 2636 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:52:15.0522 2636 wudfsvc - ok
19:52:15.0522 2636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:52:15.0553 2636 WwanSvc - ok
19:52:15.0600 2636 [ 0461FE1DAC97D41F32146268E50ECB18 ] yksvc C:\Windows\System32\yk62x64.dll
19:52:15.0615 2636 yksvc - ok
19:52:15.0631 2636 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:52:15.0662 2636 yukonw7 - ok
19:52:15.0662 2636 ================ Scan global ===============================
19:52:15.0678 2636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:52:15.0725 2636 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:52:15.0725 2636 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:52:15.0771 2636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:52:15.0803 2636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:52:15.0803 2636 [Global] - ok
19:52:15.0803 2636 ================ Scan MBR ==================================
19:52:15.0818 2636 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
19:52:18.0111 2636 \Device\Harddisk0\DR0 - ok
19:52:18.0111 2636 ================ Scan VBR ==================================
19:52:18.0111 2636 [ 9CE68D44E530C0C76A4A80454E55C965 ] \Device\Harddisk0\DR0\Partition1
19:52:18.0111 2636 \Device\Harddisk0\DR0\Partition1 - ok
19:52:18.0127 2636 [ CD93565A18FB21C6A7A87478A22F80E9 ] \Device\Harddisk0\DR0\Partition2
19:52:18.0127 2636 \Device\Harddisk0\DR0\Partition2 - ok
19:52:18.0143 2636 [ 41A722363E6B03E7AD7C68325CBE134B ] \Device\Harddisk0\DR0\Partition3
19:52:18.0158 2636 \Device\Harddisk0\DR0\Partition3 - ok
19:52:18.0158 2636 ============================================================
19:52:18.0158 2636 Scan finished
19:52:18.0158 2636 ============================================================
19:52:18.0158 0720 Detected object count: 0
19:52:18.0158 0720 Actual detected object count: 0
19:52:20.0389 3244 Deinitialize success


Alt 03.03.2013, 19:54   #6
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Avazutracking virus

Alt 03.03.2013, 20:34   #7
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Combofix meinte das Spybot noch offen ist war aber nicht offen

Code:
ATTFilter
ComboFix 13-03-02.01 - Finn 03.03.2013  20:04:10.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6143.4522 [GMT 1:00]
ausgeführt von:: c:\users\Finn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-03 bis 2013-03-03  ))))))))))))))))))))))))))))))
.
.
2013-03-03 19:13 . 2013-03-03 19:13	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-03 19:13 . 2013-03-03 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-03 17:42 . 2013-03-03 17:42	--------	d-----w-	C:\_OTL
2013-03-03 14:05 . 2013-03-03 14:09	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-03 14:05 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-03-03 14:05 . 2013-03-03 14:05	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-03 14:04 . 2013-03-03 14:04	--------	d-----w-	c:\users\Finn\AppData\Local\Programs
2013-02-28 12:58 . 2013-02-28 12:58	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 12:58 . 2013-02-28 12:58	--------	d-----w-	c:\program files (x86)\Java
2013-02-15 13:11 . 2013-02-15 13:11	--------	d-----w-	c:\programdata\Ask
2013-02-14 15:38 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:38 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:37 . 2013-01-09 01:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-14 15:37 . 2013-01-09 01:04	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-14 15:37 . 2013-01-08 21:56	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-14 15:37 . 2013-01-09 01:53	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-02-14 15:37 . 2013-01-09 01:09	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-02-14 15:37 . 2013-01-08 22:42	149528	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-14 15:37 . 2013-01-08 22:00	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-02-14 15:37 . 2013-01-08 21:58	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-14 10:40 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 10:40 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 10:40 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 10:40 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 10:40 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 10:40 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 10:40 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 10:40 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 10:40 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 10:40 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 10:40 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 10:40 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-10 19:22 . 2013-03-03 18:08	--------	d-----w-	c:\users\Finn\AppData\Roaming\TS3Client
2013-02-10 19:22 . 2013-02-10 19:22	--------	d-----w-	c:\program files\TeamSpeak 3 Client
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 12:58 . 2012-10-08 13:56	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 12:58 . 2012-10-08 13:56	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-27 16:24 . 2012-10-01 20:52	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 16:24 . 2012-10-01 20:52	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 15:40 . 2012-10-07 01:00	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-14 10:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2013-01-06 18:25	9389888	----a-w-	c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 18:25	7931896	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 18:25	7565240	----a-w-	c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 18:25	6263784	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 18:25	2904504	----a-w-	c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 18:25	2720696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 18:25	26931128	----a-w-	c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-06 18:25	25256376	----a-w-	c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 18:25	2344888	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 18:25	20450232	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-06 18:25	1985976	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 18:25	18054312	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-06 18:25	17560504	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 18:25	15129064	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-06 18:25	10997176	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2012-10-10 20:23	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:23	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-10-10 20:23	12641120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2012-10-10 20:22	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-02 20:23	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-02 20:23	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 08:40 . 2009-09-19 04:09	6382008	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2009-09-19 04:09	3455416	----a-w-	c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2009-09-19 04:09	884152	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2009-09-19 04:09	63928	----a-w-	c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2009-09-19 04:09	2558392	----a-w-	c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2009-09-19 04:09	118712	----a-w-	c:\windows\system32\nvmctray.dll
2012-12-29 01:54 . 2012-12-29 01:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-16 17:11 . 2012-12-21 15:45	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:45	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:45	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 12:49 . 2012-10-01 19:28	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-12 12:49 . 2012-10-01 19:28	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-07 13:20 . 2013-01-09 16:03	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 16:03	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 16:03	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 16:03	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 16:03	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 16:03	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 16:03	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 16:03	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 16:03	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 16:03	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 16:03	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 16:03	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 16:03	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 16:03	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 16:03	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 16:03	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 16:03	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 16:03	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 16:03	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 16:03	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 16:03	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 16:03	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 16:03	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 16:03	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 16:03	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 16:03	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 16:03	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 16:03	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 16:03	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 16:03	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 16:03	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 16:03	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-09-21 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-09-21 14:38	1521872	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-09-21 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-10 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-06-11 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-12 565472]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 05120718
*NewlyCreated* - 25324916
*NewlyCreated* - 30213164
*NewlyCreated* - 95276521
*Deregistered* - 05120718
*Deregistered* - 25324916
*Deregistered* - 30213164
*Deregistered* - 95276521
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 13:45	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 16:24]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 20:29]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ixtreme_m5120&r=173610129816p0405v125y4401930o
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - ExtSQL: 2013-01-05 15:12; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: !HIDDEN! 2012-10-08 15:45; mail@shopping-preise.de; c:\users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\mail@shopping-preise.de
FF - ExtSQL: !HIDDEN! 2012-10-08 15:45; firejump@firejump.net; c:\users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\extensions\firejump@firejump.net
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-03  20:32:07
ComboFix-quarantined-files.txt  2013-03-03 19:32
.
Vor Suchlauf: 10 Verzeichnis(se), 364.228.370.432 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 363.937.615.872 Bytes frei
.
- - End Of File - - 8BC1EAA22923B2C6FD7C14BA4EACA743

Alt 03.03.2013, 20:46   #8
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 21:36   #9
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Finn :: FINN-PC [Administrator]

Schutz: Aktiviert

03.03.2013 20:50:03
mbam-log-2013-03-03 (20-50-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369509
Laufzeit: 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 03.03.2013, 21:39   #10
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 21:54   #11
Avog
 
Avazutracking virus - Standard

Avazutracking virus


hoffe ich habe alles richtig:
Code:
ATTFilter
Acrobat.com	Adobe Systems Incorporated	27.10.2009	1,60MB	1.6.65 notwendig
Adobe AIR	Adobe Systems Inc.	27.10.2009		1.5.0.7220 notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171 notwendig
Adobe Reader 9.5.4 MUI	Adobe Systems Incorporated	24.02.2013	656MB	9.5.4 notwendig
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	22.01.2013		1.0.17 notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	01.10.2012	18,1MB	3.0.715.0 unbekannt
Avira Free Antivirus	Avira	12.02.2013	122MB	13.0.0.3185 notwendig
Avira SearchFree Toolbar plus Web Protection	Ask.com	01.10.2012	9,65MB	1.15.5.0 unnötig
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	01.10.2012		1.2.2.26921 unnötig
CCleaner	Piriform	24.09.2012		3.23 notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	49,1MB	12.0.6612.1000 unbekannt
Counter-Strike: Global Offensive		15.10.2012 notwendig	
Desktop Icon für Amazon		08.10.2012		1.0.1 (de) unbekannt
Diablo III	Blizzard Entertainment	13.02.2013		1.0.7.14633 notwendig
FireJump	FireJump.net	08.10.2012	4,28MB	1.0.2.5 unbekannt
Free YouTube to MP3 Converter version 3.11.37.1212	DVDVideoSoft Ltd.	05.01.2013	72,8MB	3.11.37.1212 notwendig
Google Chrome	Google Inc.	21.11.2012		25.0.1364.97 unnötig
Guild Wars 2	NCsoft Corporation, Ltd.	01.10.2012 unnötig		
ICQ 7.1 Build #2096 Banner Remover 1.0	murb.com	08.10.2012	2,22MB notwendig	 
ICQ Status Checker 1.9	murb.com	26.11.2012	3,70MB notwendig	
ICQ7M	ICQ	01.10.2012		7.8 notwendig
Identity Card	Packard Bell	01.10.2012		1.00.3002 unbekannt
Java 7 Update 15	Oracle	28.02.2013	129MB	7.0.150 notwendig
League of Legends	Riot Games	10.12.2012		1.3 unnötig
Logitech GamePanel Software 3.05.151	Logitech Inc.	01.10.2012	74,3MB	3.05.151 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	03.03.2013	18,4MB	1.70.0.1100 notwendig 
Marvell Miniport Driver	Marvell	01.10.2012		10.70.3.3 unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	05.10.2012	38,8MB	4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	05.10.2012	2,93MB	4.0.30319 notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	11.10.2012	7,95MB	14.0.5130.5003 unbekannt
Microsoft Office Home and Student 2007	Microsoft Corporation	03.10.2012		12.0.6612.1000 unbekannt
Microsoft Office Language Pack 2007 - German/Deutsch	Microsoft Corporation	03.10.2012		12.0.6612.1000 unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	08.10.2012	508KB	2.0.4024.1 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013	4,52MB	12.0.6612.1000 unbekannt
Microsoft Office Suite Activation Assistant	Microsoft Corporation	27.10.2009	8,36MB	2.9 unbekannt
Microsoft Silverlight	Microsoft Corporation	03.10.2012	54,6MB	4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	01.10.2012	1,72MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	06.10.2012	572KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	10.02.2013	788KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	11.02.2013	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.10.2012	596KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	07.10.2012	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	03.10.2012	16,5MB	10.0.40219 unbekannt
Microsoft Works	Microsoft Corporation	11.10.2012	876MB	9.7.0621 unbekannt
Mozilla Firefox 19.0 (x86 de)	Mozilla	20.02.2013	43,7MB	19.0 notwendig
Mozilla Maintenance Service	Mozilla	20.02.2013	330KB	19.0 unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	07.10.2012	1,27MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	07.10.2012	1,33MB	4.20.9876.0 unbekannt
Nero 9 Essentials	Nero AG	01.10.2012 notwendig		
Nokia Connectivity Cable Driver	Nokia	29.11.2012	3,95MB	7.1.92.0 unnötig
Nokia Suite	Nokia	29.11.2012		3.6.36.0 unnötig
NVIDIA 3D Vision Controller-Treiber 310.90	NVIDIA Corporation	06.01.2013		310.90 notwendig
NVIDIA 3D Vision Treiber 310.90	NVIDIA Corporation	06.01.2013		310.90 notwendig
NVIDIA Grafiktreiber 310.90	NVIDIA Corporation	06.01.2013		310.90 notwendig
NVIDIA HD-Audiotreiber 1.3.18.0	NVIDIA Corporation	06.01.2013		1.3.18.0 notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	06.01.2013		9.12.1031 notwendig
NVIDIA Update 1.11.3	NVIDIA Corporation	06.01.2013		1.11.3 notwendig
Opera 12.11	Opera Software ASA	20.11.2012		12.11.1661 notwendig
Packard Bell Recovery Management	Packard Bell	27.10.2009		4.05.3005 unbekannt
Packard Bell ScreenSaver	Packard Bell Incorporated	01.10.2012		1.1.0812 unbekannt
Packard Bell Software Suite SE	Packard Bell	01.10.2012		2.01.3001 unbekannt
Packard Bell Updater	Packard Bell	27.10.2009		1.01.3017 unbekannt
Pando Media Booster	Pando Networks Inc.	10.12.2012	5,46MB	2.6.0.8 unbekannt
PC Connectivity Solution	Nokia	29.11.2012	21,2MB	12.0.48.0 unbekannt
Preispilot für Firefox	Preispilot	08.10.2012	1,75MB	2.0 unbekannt
Razer Abyssus	 Razer USA Ltd.	01.10.2012		2.00 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.10.2009		6.0.1.5898 notwendig
shopping-preise.de AddOn Firefox	shopping-preise.de	08.10.2012	1,52MB	2.81 unbekannt
Skype™ 5.10	Skype Technologies S.A.	01.10.2012	19,4MB	5.10.116 notwendig
Spybot - Search & Destroy	Safer-Networking Ltd.	03.03.2013	135MB	2.0.12 notwendig
Steam	Valve Corporation	15.10.2012	35,4MB	1.0.0.0 notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	10.02.2013		3.0.6 notwendig
Trillian	Cerulean Studios, LLC	11.01.2013 unbekannt		
Welcome Center	Packard Bell	01.10.2012		1.00.3008 notwendig
Winamp	Nullsoft, Inc	01.03.2013		5.63 notwendig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	01.10.2012	75,0KB	1.0.0.1 notwendig
Windows Live Anmelde-Assistent	Microsoft Corporation	01.10.2012	1,93MB	5.000.818.5 unbekannt
Windows Live Essentials	Microsoft Corporation	01.10.2012		14.0.8089.0726 unbekannt
Windows Live Sync	Microsoft Corporation	01.10.2012	2,79MB	14.0.8089.726 unbekannt
Windows Live-Uploadtool	Microsoft Corporation	01.10.2012	224KB	14.0.8014.1029 unbekannt
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)	Nokia	29.11.2012		05/31/2012 7.1.2.0 unbekannt
WinRAR 4.20 (64-Bit)	win.rar GmbH	01.10.2012		4.20.0 notwendig
Moin, habe mal eine zwischenfrage: "Soll ich bis zu beseitigung des problems lieber KEINE onlinegames zoggen wenn mir meine daten lieb sind?"

MFG Finn

Alt 04.03.2013, 20:16   #12
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Avira SearchFree : beide
Desktop Icon
FireJump
Google Chrome
Guild
League
Microsoft Office : falls nicht verwendet
Microsoft Silverlight
Nokia : alle
PC Connectivity
Preispilot
shopping-preise
Spybot : verzichte drauf, bringt nichts.
Trillian
Windows Live : alle nicht verwendeten

passwörter auf jeden fall später ändern

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 21:00   #13
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 04/03/2013 um 20:55:54 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Finn - FINN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Finn\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\prefs.js

C:\Users\Finn\AppData\Roaming\Mozilla\Firefox\Profiles\jhsm0u7i.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1349122184);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Gelöscht : user_pref("icqtoolbar.history", "lena%20st%C3%B6rfaktor||celeb%20cate||diablo%20progress||wd%20diabl[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1349209131");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "15.0.1");
Gelöscht : user_pref("icqtoolbar.showPc", false);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "134912028213491213241349122184813");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1349442328);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.11.1661.0

Datei : C:\Users\Finn\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5114 octets] - [04/03/2013 20:55:54]

########## EOF - C:\AdwCleaner[S1].txt - [5174 octets] ##########
soll ich alle passwörter ändern?
welche pogramm soll ich alternativ zu spybot nutzen

Alt 04.03.2013, 21:01   #14
markusg
/// Malware-holic
 
Avazutracking virus - Standard

Avazutracking virus


hi
behalte Malwarebytes.
passwörter noch nicht ändern
neustarten.
HitmanPro - Download - Filepony
Hitmanpro laden, doppelklicken, Lizenz, Testlizenz.
Auf Scan, nichts löschen, auf Weiter, Log als xml exportieren und posten, bzw packen und anhängen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 21:16   #15
Avog
 
Avazutracking virus - Standard

Avazutracking virus


Hoffe das hat geklapt

Antwort
Seite 1 von 2 1 2

Themen zu Avazutracking virus
antivir, autorun, avazutracking, avira, avira searchfree toolbar, battle.net, bho, converter, error, excel, fehler, firefox, flash player, home, install.exe, installation, launch, logfile, mozilla, msiinstaller, ntdll.dll, nvidia update, object, office 2007, packard bell, pando media booster, plug-in, realtek, registry, richtlinie, rundll, safer networking, scan, security, seth.avazutracking.net, software, svchost.exe, teamspeak, unknown mbr, virus, windows


« Windows 7 Anwenderprogramme öffnen nur sehr langsam | Groupon Trojaner gefährlich für Linux? »


Ähnliche Themen: Avazutracking virus


  1. Tablet Aus Nexus 7 avazutracking.net Google chrome Problem
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (1)
  2. Avazutracking
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (17)
  3. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (11)
  4. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (12)
  5. Seth.avazutracking.net - Problem
    Log-Analyse und Auswertung - 14.10.2013 (7)
  6. seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (9)
  7. Avazutracking entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (17)
  8. seth.avazutracking.net Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (9)
  9. Seth Avazutracking.net
    Log-Analyse und Auswertung - 02.08.2013 (13)
  10. Unsicher ob wirklich Virus eingefangen- avazutracking !
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (13)
  11. Seth.avazutracking.net
    Log-Analyse und Auswertung - 25.06.2013 (4)
  12. Avazutracking Virus
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (9)
  13. Unsicher ob wirklich Virus eingefangen- avazutracking
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (15)
  14. http://seth.avazutracking.net/tracking/redirect/
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (1)
  15. Seth. avazutracking.net
    Log-Analyse und Auswertung - 12.04.2013 (20)
  16. Seth Avazutracking.net und ad.yieldmanager.com entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (26)
  17. Seth. avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (36)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avazutracking virus - Hallo, als ich vorhin am surfen war ging aufeinmal die Seite seth.avazutracking.net auf. Vor 2-3 tagen hatte ich bei der installation von Winamp einen misteriösen schwarzen Kasten (rote schrift) an - Avazutracking virus...
Archiv
Du betrachtest: Avazutracking virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131