Pests of all kinds and how to fight them: Black screen after boot (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
06.04.2013, 16:37 | #1 |
Black screen after boot

Hello everyone, I started my notebook earlier and ran the system check that was requested at boot; since then I get a black screen after login plus a white mouse pointer. Malwarebytes found nothing in safe mode. Task Manager cannot be opened in normal mode; error message: "Die Anwendung konnte nicht korrekt gestartet werden (0xc0000022). Klicken sie auf "OK", um die Anwendung zu schließen"

Code:
ATTFilter OTL logfile created on: 06.04.2013 16:52:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 72,18% Memory free 7,71 Gb Paging File | 6,79 Gb Available in Paging File | 88,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 56,58 Gb Free Space | 48,60% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 214,24 Gb Free Space | 64,96% Space Free | Partition Type: NTFS Drive F: | 7,46 Gb Total Space | 7,13 Gb Free Space | 95,58% Space Free | Partition Type: FAT32 Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.06 15:08:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.10.18 00:54:38 | 001,431,888 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010.08.11 14:01:06 | 004,018,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage) SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.11.11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.31 16:31:39 | 000,968,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2013.03.21 22:51:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.21 22:39:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.02.28 00:42:12 | 004,937,264 | ---- | 
M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013.02.19 05:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2013.02.19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.08.23 12:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) 
[Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe -- (STacSV) SRV - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.31 16:31:39 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.02.27 00:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2013.02.14 04:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2013.02.08 05:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2013.02.08 05:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2013.02.08 05:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2013.02.08 05:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2013.02.08 05:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) 
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.08.11 14:02:36 | 000,043,600 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh) DRV:64bit: - [2010.08.11 14:02:34 | 000,215,120 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd) DRV:64bit: - [2010.08.11 14:02:32 | 000,040,016 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodisrh.sys -- (oodisrh) DRV:64bit: - [2010.08.11 14:02:30 | 000,117,328 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodisr.sys -- (oodisr) DRV:64bit: - [2009.11.27 05:39:45 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.11.13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.10.26 06:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.03.12 15:26:00 | 000,106,496 | ---- | M] (Syntek Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\STK02NW2.sys -- (DCamUSBSTK02N) DRV - [2012.07.04 16:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.02.24 20:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/16 18:48:01] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2007.03.12 15:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\STK02NW2.sys -- (DCamUSBSTK02N) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=08104E5D600379BF IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid=&mid=807c76d844b547d0a623f18676bb741a-135112108420ea05a3ce03c3a4778c09d1be0864&lang=de&ds=AVG&pr=fr&d=&v=&pid=AVG&sg=&sap=dsp&q={searchTerms} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF" FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11222.992 FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80 FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.03.31 16:33:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.21 22:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.21 22:38:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.21 22:41:35 | 000,000,000 | ---D | M] [2011.01.18 17:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions [2013.03.21 22:42:00 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\28bu7e8y.default\extensions [2013.03.21 22:41:16 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\28bu7e8y.default\extensions\amo@dealplyshopping.com [2011.12.16 20:38:26 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\28bu7e8y.default\extensions\DefaultManager@Microsoft [2013.03.21 22:41:27 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\28bu7e8y.default\extensions\ffxtlbr@delta.com [2013.03.21 22:41:28 | 000,001,294 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\28bu7e8y.default\searchplugins\delta.xml [2013.03.21 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.21 22:38:56 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013.03.31 16:33:05 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1 [2013.03.21 22:41:35 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2013.03.21 22:39:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.07 15:27:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.31 16:33:11 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.03.21 22:41:22 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45474191-24C0-48B8-B758-A8C1EC2871EF}: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8122EAAC-913C-4C01-93A7-B56714E62B4A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99985665-B2C2-4B1E-9D0F-7AB091686B92}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.17 22:33:55 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{c5588729-1d96-11e0-843c-20cf305f9de9}\Shell - "" = AutoRun O33 - MountPoints2\{c5588729-1d96-11e0-843c-20cf305f9de9}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 15:33:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes [2013.04.06 15:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.06 15:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.06 15:33:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.06 15:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.06 15:33:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Programs [2013.04.06 15:19:21 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.04.06 14:18:11 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.04.05 15:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.03.29 23:01:41 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.29 23:01:41 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2013.03.29 
23:01:41 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2013.03.29 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2013.03.29 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG [2013.03.29 23:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.03.29 23:00:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.03.29 22:23:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\AVG Secure Search [2013.03.29 22:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2013.03.29 22:23:14 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.03.29 22:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2013.03.29 22:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2013.03.26 20:57:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.26 20:41:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.03.26 20:41:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.03.25 22:00:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc [2013.03.25 22:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.25 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.24 15:40:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\mh-software [2013.03.24 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mh-software [2013.03.24 15:38:55 | 001,827,896 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\actrpt2.dll [2013.03.24 15:38:55 | 001,204,872 | ---- | C] (gdpicture.com) -- C:\Windows\SysWow64\gdimagebox2.ocx [2013.03.24 15:38:55 | 000,647,872 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\MSCOMCT2.OCX [2013.03.24 15:38:55 | 000,609,336 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\ARVIEW2.OCX [2013.03.24 15:38:55 | 000,551,992 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\htmlexpt.dll [2013.03.24 15:38:55 | 000,540,672 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pesgo32b.ocx [2013.03.24 15:38:55 | 000,532,480 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pego32b.ocx [2013.03.24 15:38:55 | 000,471,040 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pe3do32b.ocx [2013.03.24 15:38:55 | 000,466,944 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepso32b.ocx [2013.03.24 15:38:55 | 000,409,600 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pesgo32a.ocx [2013.03.24 15:38:55 | 000,405,504 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pego32a.ocx [2013.03.24 15:38:55 | 000,397,312 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepco32b.ocx [2013.03.24 15:38:55 | 000,376,832 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pe3do32a.ocx [2013.03.24 15:38:55 | 000,375,864 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\pdfexpt.dll [2013.03.24 15:38:55 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\ActBar.ocx [2013.03.24 15:38:55 | 000,355,384 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\exclexpt.dll [2013.03.24 15:38:55 | 000,335,872 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepco32a.ocx [2013.03.24 15:38:55 | 000,253,952 | ---- | C] (Inner Media, Inc.) -- C:\Windows\SysWow64\dzactx.dll [2013.03.24 15:38:55 | 000,229,376 | ---- | C] (Inner Media, Inc.) 
-- C:\Windows\SysWow64\duzactx.dll [2013.03.24 15:38:55 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX [2013.03.24 15:38:55 | 000,207,928 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\rtfexpt.dll [2013.03.24 15:38:55 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX [2013.03.24 15:38:55 | 000,130,104 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\textexpt.dll [2013.03.24 15:38:55 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL [2013.03.24 15:38:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2013.03.24 15:38:54 | 002,411,008 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\PEGRP32B.DLL [2013.03.24 15:38:54 | 001,427,456 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pegrp32a.dll [2013.03.24 15:38:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll [2013.03.24 15:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mh-software shared [2013.03.24 15:38:12 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2013.03.24 15:38:12 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2013.03.24 15:38:12 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL [2013.03.24 15:37:05 | 000,000,000 | ---D | C] -- C:\Berechnungen [2013.03.21 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Qtrax [2013.03.21 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX [2013.03.21 22:41:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.03.21 22:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.03.21 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\BabSolution [2013.03.21 22:41:27 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Delta [2013.03.21 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Delta [2013.03.21 22:41:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PC Speed Maximizer [2013.03.21 22:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer [2013.03.21 22:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer [2013.03.21 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DealPly [2013.03.21 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.03.21 22:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2013.03.21 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Babylon [2013.03.21 22:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.03.21 22:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.19 23:54:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia [2013.03.19 22:14:08 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.19 22:14:08 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.19 22:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.17 15:18:22 | 000,106,496 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysNative\drivers\STK02NW2.sys [2013.03.17 15:18:22 | 000,101,520 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW2.sys [2013.03.17 15:18:22 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\STK02NP.ax [2013.03.17 15:18:22 | 000,033,728 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW1.sys [2013.03.17 15:18:22 | 000,028,416 | ---- | C] (Syntek Ltd.) 
-- C:\Windows\SysNative\drivers\STK02NW1.sys [2013.03.17 15:18:21 | 000,000,000 | ---D | C] -- C:\Windows\STK02N [2013.03.17 15:17:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield [2013.03.15 12:09:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.15 12:09:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.15 12:09:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.15 12:09:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.15 12:09:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.15 12:09:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.15 12:09:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.15 12:09:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.15 12:09:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.15 12:09:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.15 12:09:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.15 12:09:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.15 12:09:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.15 12:09:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.15 12:09:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.15 12:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft 
Silverlight [2013.03.14 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2013.04.06 15:54:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 15:54:30 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 15:53:46 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 14:47:03 | 002,653,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 14:47:03 | 001,392,694 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 14:47:03 | 000,793,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 14:47:03 | 000,402,544 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2013.04.06 14:47:03 | 000,374,426 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.04.06 14:47:03 | 000,252,008 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2013.04.06 14:47:03 | 000,062,698 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2013.04.06 14:47:03 | 000,053,986 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.04.06 14:47:03 | 000,046,144 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2013.04.06 14:47:03 | 000,030,700 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.04.06 14:47:03 | 000,030,472 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013.04.06 14:47:03 | 000,029,924 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.04.06 14:47:03 | 000,029,170 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2013.04.06 14:47:03 | 000,027,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 14:47:03 | 000,017,460 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013.04.06 14:47:03 | 000,016,518 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.04.06 14:47:03 | 000,016,222 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.04.06 14:47:03 | 000,016,164 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2013.04.06 
14:47:03 | 000,013,980 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2013.04.06 14:47:03 | 000,013,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 14:47:03 | 000,013,334 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2013.04.06 14:33:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 14:33:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 14:28:35 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat [2013.04.05 15:37:24 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.04.04 22:34:50 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.04 22:34:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.02 13:18:50 | 000,001,536 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.03.31 16:31:39 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.03.30 18:57:29 | 000,002,082 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.03.29 23:12:53 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini [2013.03.29 23:01:25 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.03.29 23:01:25 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.03.26 07:48:47 | 000,001,021 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk [2013.03.25 22:00:32 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.24 15:39:40 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\mh-Viewer.lnk [2013.03.24 15:39:40 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\mh-software.lnk [2013.03.21 22:51:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.21 22:51:21 | 
000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.19 22:14:58 | 000,002,257 | ---- | M] () -- C:\Users\Chris\Desktop\Internetbrowser.lnk ========== Files Created - No Company Name ========== [2013.04.06 14:28:35 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat [2013.03.29 23:01:25 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2013.03.29 23:01:25 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013.03.29 23:01:24 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2013.03.25 22:00:32 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.24 15:39:40 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\mh-Viewer.lnk [2013.03.24 15:39:40 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\mh-software.lnk [2013.03.24 15:39:05 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp [2013.03.24 15:38:54 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32B.dll [2013.03.24 15:38:54 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\PEGRC32A.dll [2013.03.24 15:38:52 | 019,046,912 | ---- | C] () -- C:\Windows\SysWow64\Mh3dGlob10.dll [2013.03.24 15:38:51 | 001,283,072 | ---- | C] () -- C:\Windows\SysWow64\MhCglobal10.dll [2013.03.21 22:42:15 | 000,002,385 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.03.19 22:14:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011.12.14 00:29:07 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{43BDCD5B-9FA8-4D4C-81D0-542B03A53EC7} [2011.10.18 00:55:32 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.07.02 20:50:08 | 000,608,792 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2010.09.17 03:58:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== 
ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F < End of 
report > |
06.04.2013, 17:32 | #2 |
/// TB Trainer | Black screen after boot
!! Note to readers following along !! This thread and its instructions are intended only for this specific case. They could seriously damage other computers. Please open your own thread. I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup
Scan with Combofix
__________________ |
06.04.2013, 17:33 | #3 |
/// Helper Team | Black screen after boot
The cleanup consists of several steps that have to be carried out. Work through them one after another and please paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue; please report it instead.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter
:OTL
SRV - [2013.03.31 16:31:39 | 000,968,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2010.09.17 03:58:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
[2013.03.29 23:01:25 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2013.03.29 23:01:25 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Chris\*.tmp
C:\Users\Chris\AppData\*.dll
C:\Users\Chris\AppData\*.exe
C:\Users\Chris\AppData\Local\Temp\*.exe
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it on other computers; it can cause lasting damage to other systems!
Step 2: Please download Malwarebytes Anti-Malware
Afterwards: Step 3: Please download AdwCleaner to your desktop.
__________________ |
06.04.2013, 18:34 | #4 |
| Black screen after boot
Code:
ATTFilter ComboFix 13-04-06.02 - Chris 06.04.2013 19:22:11.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.3169 [GMT 2:00] ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPly.xpi c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\DealPlyIE64.dll c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\DealPlyUpdateVer.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\programdata\FullRemove.exe c:\users\Chris\4.0 c:\windows\msvcr71.dll c:\windows\SysWow64\pt c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 )))))))))))))))))))))))))))))) . . 2013-04-06 17:30 . 2013-04-06 17:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-04-06 17:30 . 2013-04-06 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\programdata\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-06 13:33 . 
2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Local\Programs 2013-04-06 12:18 . 2013-04-06 12:18 -------- d-----w- C:\found.000 2013-03-29 21:01 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-03-29 21:01 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-03-29 21:01 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-03-29 21:01 . 2013-03-29 21:01 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG 2013-03-29 21:00 . 2013-03-29 21:01 -------- d-----w- c:\programdata\AVG 2013-03-29 21:00 . 2013-03-29 21:00 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-03-29 20:23 . 2013-03-29 20:23 -------- d-----w- c:\users\Chris\AppData\Local\AVG Secure Search 2013-03-29 20:23 . 2013-03-29 20:23 -------- d-----w- c:\programdata\AVG Secure Search 2013-03-29 20:23 . 2013-03-31 14:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-03-29 20:23 . 2013-03-29 20:23 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2013-03-29 20:23 . 2013-03-31 14:32 -------- d-----w- c:\program files (x86)\AVG Secure Search 2013-03-26 18:57 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\Extensions 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-24 13:40 . 2013-03-24 13:40 -------- d-----w- c:\users\Chris\AppData\Roaming\mh-software 2013-03-24 13:39 . 2003-11-12 12:17 567848 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2013-03-24 13:37 . 2013-03-24 13:37 -------- d-----w- C:\Berechnungen 2013-03-24 13:36 . 
2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-03-24 13:36 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-03-24 13:36 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-03-24 13:36 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-03-24 13:36 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-03-24 13:36 . 2004-10-22 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2013-03-24 13:36 . 2013-03-24 13:36 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-03-24 13:36 . 2013-03-24 13:36 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-03-19 21:54 . 2013-03-19 21:54 -------- d-----w- c:\users\Chris\AppData\Local\Macromedia 2013-03-19 20:14 . 2013-03-21 20:51 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 20:14 . 2013-03-21 20:51 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 20:14 . 2013-03-19 20:14 -------- d-----w- c:\windows\system32\Macromed 2013-03-17 13:18 . 2007-03-12 13:28 40960 ----a-w- c:\windows\SysWow64\STK02NP.ax 2013-03-17 13:18 . 2007-03-12 13:26 28416 ----a-w- c:\windows\system32\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:26 106496 ----a-w- c:\windows\system32\drivers\STK02NW2.sys 2013-03-17 13:18 . 2007-03-12 13:25 33728 ----a-w- c:\windows\SysWow64\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:25 101520 ----a-w- c:\windows\SysWow64\drivers\STK02NW2.sys 2013-03-17 13:18 . 
2013-03-17 13:18 -------- d-----w- c:\windows\STK02N 2013-03-17 13:17 . 2013-03-17 13:17 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield 2013-03-15 10:08 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 18:23 . 2013-03-14 18:23 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-14 18:23 . 2013-03-14 18:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-26 22:40 . 2013-02-26 22:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-14 02:52 . 2013-02-14 02:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-12 05:45 . 2013-03-14 11:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 11:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 11:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 11:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 03:37 . 2013-02-08 03:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-02-08 03:37 . 2013-02-08 03:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-02-08 03:37 . 2013-02-08 03:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-01-13 21:17 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 
2013-02-27 18:45 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-27 18:45 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 
2013-02-27 18:45 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-27 18:45 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 18:45 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-27 18:45 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-02-27 18:45 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-27 18:45 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-27 18:45 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 18:45 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-27 18:45 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-27 18:45 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-27 18:45 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-27 18:45 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 18:45 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-27 18:45 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-27 18:45 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-27 18:45 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-27 18:45 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-27 18:45 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-27 18:45 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-27 18:45 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-27 18:45 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-27 18:45 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-27 18:45 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 
2013-02-27 18:45 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-27 18:45 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 18:45 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-27 18:45 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-02-27 18:45 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-27 18:45 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-27 18:45 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-27 18:45 1682432 ----a-w- c:\windows\system32\XpsPrint.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261125~1.80\{C16C1~1\BrowserProtect.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "G Data AntiVirus Tray Application"=c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray"=c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/16 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 18:14 146928] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 106496] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] R3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] R4 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184] R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] R4 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-06 2569168] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-17 1431888] R4 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2010-08-11 4018504] R4 TuneUp.UtilitiesSvc;AVG PC TuneUp 
Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] R4 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-03-31 968880] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2010-08-11 117328] S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2010-08-11 40016] S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2010-08-11 215120] S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2010-08-11 43600] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-31 39768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-02 12:05 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 20:51] . 2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon] @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}" [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}] 2010-08-11 12:01 129864 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{45474191-24C0-48B8-B758-A8C1EC2871EF}\84F64756C6F5D4F6E6963616F543: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{99985665-B2C2-4B1E-9D0F-7AB091686B92}: NameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\ FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 081007550000000000004e5d600379bf FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15785 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.021:41 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - c:\program files (x86)\DealPly\DealPlyIE.dll Toolbar-Locked - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-Locked - (no file) AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODI05.00.00.01PRO"=[binary data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-06 19:32:48 ComboFix-quarantined-files.txt 2013-04-06 17:32 . Vor Suchlauf: 12 Verzeichnis(se), 61.018.263.552 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 60.719.833.088 Bytes frei . - - End Of File - - BA0287DC5AC6A3BB97D8633DAF367D42 |
06.04.2013, 18:58 | #5 |
/// TB-Ausbilder | Black screen after boot All right, let's continue: Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and remove adware. Please download AdwCleaner to your desktop.
Step 3: Once more with Combofix, please.
__________________ Digital freebooters against malware! No help via PM! |
06.04.2013, 19:27 | #6 |
| Black screen after boot Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 19:47:10 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Chris - CHRIS-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : F:\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\searchplugins\delta.xml Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files (x86)\Delta Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Chris\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Ordner Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Babylon Ordner Gelöscht : 
C:\Users\Chris\AppData\Roaming\DealPly Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Delta Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\extensions\amo@dealplyshopping.com Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\extensions\ffxtlbr@delta.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKCU\Software\5bedfd9b43be944 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : 
HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5bedfd9b43be944 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=08104E5D600379BF --> hxxp://www.google.com -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\prefs.js C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\user.js ... Gelöscht ! Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1"); Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntr[...] Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search"); Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=08104[...] Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gelöscht : user_pref("browser.search.order.1", "Delta Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId[...] 
Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "en"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.id", "081007550000000000004e5d600379bf"); Gelöscht : user_pref("extensions.delta.instlDay", "15785"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.021:41:27"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0"); -\\ Google Chrome v26.0.1410.43 Datei : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [13871 octets] - [06/04/2013 19:46:22] AdwCleaner[S1].txt - [13475 octets] - [06/04/2013 19:47:10] ########## EOF - C:\AdwCleaner[S1].txt - [13536 octets] ########## |
06.04.2013, 19:28 | #7 | |
/// TB-Ausbilder | Black screen after boot Quote:
__________________ Digital freebooters against malware! No help via PM! |
06.04.2013, 19:41 | #8 |
| Black screen after boot Code:
ATTFilter ComboFix 13-04-06.02 - Chris 06.04.2013 20:29:57.2.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.3146 [GMT 2:00] ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 )))))))))))))))))))))))))))))) . . 2013-04-07 04:09 . 2013-04-07 04:09 -------- d-----w- C:\found.001 2013-04-06 18:36 . 2013-04-06 18:36 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-04-06 18:36 . 2013-04-06 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-06 17:45 . 2013-04-06 17:45 -------- d-----w- C:\_OTL 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\programdata\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-06 13:33 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Local\Programs 2013-04-06 12:18 . 2013-04-06 12:18 -------- d-----w- C:\found.000 2013-03-29 21:01 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-03-29 21:01 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-03-29 21:01 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-03-29 21:01 . 2013-03-29 21:01 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG 2013-03-29 21:00 . 2013-03-29 21:01 -------- d-----w- c:\programdata\AVG 2013-03-29 21:00 . 
2013-03-29 21:00 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-03-29 20:23 . 2013-03-31 14:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-03-26 18:57 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\Extensions 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-24 13:40 . 2013-03-24 13:40 -------- d-----w- c:\users\Chris\AppData\Roaming\mh-software 2013-03-24 13:39 . 2003-11-12 12:17 567848 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2013-03-24 13:37 . 2013-03-24 13:37 -------- d-----w- C:\Berechnungen 2013-03-24 13:36 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-03-24 13:36 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-03-24 13:36 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-03-24 13:36 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-03-24 13:36 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-03-24 13:36 . 2004-10-22 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2013-03-24 13:36 . 2013-03-24 13:36 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-03-24 13:36 . 
2013-03-24 13:36 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-03-21 20:42 . 2013-03-21 20:42 69632 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A3E9BA4F-2C4C-41F7-B7E0-6F47137688A2}\ARPPRODUCTICON.exe 2013-03-21 20:42 . 2013-03-21 20:42 49152 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A3E9BA4F-2C4C-41F7-B7E0-6F47137688A2}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe 2013-03-21 20:42 . 2013-03-21 20:42 -------- d-----w- c:\users\Chris\Qtrax 2013-03-21 20:41 . 2013-03-21 20:41 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Speed Maximizer 2013-03-21 20:41 . 2013-03-21 20:41 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2013-03-19 21:54 . 2013-03-19 21:54 -------- d-----w- c:\users\Chris\AppData\Local\Macromedia 2013-03-19 20:14 . 2013-03-21 20:51 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 20:14 . 2013-03-21 20:51 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 20:14 . 2013-03-19 20:14 -------- d-----w- c:\windows\system32\Macromed 2013-03-17 13:18 . 2007-03-12 13:28 40960 ----a-w- c:\windows\SysWow64\STK02NP.ax 2013-03-17 13:18 . 2007-03-12 13:26 28416 ----a-w- c:\windows\system32\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:26 106496 ----a-w- c:\windows\system32\drivers\STK02NW2.sys 2013-03-17 13:18 . 2007-03-12 13:25 33728 ----a-w- c:\windows\SysWow64\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:25 101520 ----a-w- c:\windows\SysWow64\drivers\STK02NW2.sys 2013-03-17 13:18 . 2013-03-17 13:18 -------- d-----w- c:\windows\STK02N 2013-03-17 13:17 . 2013-03-17 13:17 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield 2013-03-15 10:08 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 18:23 . 2013-03-14 18:23 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-14 18:23 . 
2013-03-14 18:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-26 22:40 . 2013-02-26 22:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-14 02:52 . 2013-02-14 02:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-12 05:45 . 2013-03-14 11:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 11:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 11:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 11:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 03:37 . 2013-02-08 03:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-02-08 03:37 . 2013-02-08 03:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-02-08 03:37 . 2013-02-08 03:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-01-13 21:17 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-27 18:45 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 
2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-27 18:45 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-27 18:45 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-27 18:45 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 18:45 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-27 18:45 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 
2013-02-27 18:45 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-27 18:45 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-27 18:45 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 18:45 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-27 18:45 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-27 18:45 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-27 18:45 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-27 18:45 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 18:45 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-27 18:45 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-27 18:45 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-27 18:45 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-27 18:45 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-27 18:45 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-27 18:45 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-27 18:45 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-27 18:45 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-27 18:45 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-27 18:45 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-27 18:45 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-27 18:45 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 18:45 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-27 18:45 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 
2013-02-27 18:45 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-27 18:45 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-27 18:45 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-27 18:45 1682432 ----a-w- c:\windows\system32\XpsPrint.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "G Data AntiVirus Tray Application"=c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray"=c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/16 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 18:14 146928] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 106496] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program 
files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] R4 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184] R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-17 1431888] R4 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2010-08-11 4018504] R4 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] 
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2010-08-11 117328] S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2010-08-11 40016] S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2010-08-11 215120] S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2010-08-11 43600] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-31 39768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-02 12:05 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 20:51] . 2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon] @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}" [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}] 2010-08-11 12:01 129864 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{45474191-24C0-48B8-B758-A8C1EC2871EF}\84F64756C6F5D4F6E6963616F543: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{99985665-B2C2-4B1E-9D0F-7AB091686B92}: NameServer = 192.168.2.1 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System[...]system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-06 20:39:17 ComboFix-quarantined-files.txt 2013-04-06 18:39 ComboFix2.txt 2013-04-06 17:32 . Vor Suchlauf: 21 Verzeichnis(se), 60.624.920.576 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 60.526.399.488 Bytes frei . - - End Of File - - 72D42A2AC44CDCBF089D39249707500F |
06.04.2013, 19:43 | #9 |
/// TB-Ausbilder | Black screen after boot I see entries from AVG and G-Data here ... which virus scanner is actually installed now?
06.04.2013, 19:49 | #10 |
| Black screen after boot G-DATA was installed as a 30-day trial version, but was uninstalled after it expired and replaced by AVG |
06.04.2013, 20:03 | #11 |
/// TB-Ausbilder | Black screen after boot Hm, please use this removal tool to remove the leftovers: https://www.gdatasoftware.co.uk/?eID...3%3AAFEIBgU%3D
You have also already used MBAM. Is there a log file for that as well?
Step 1: (Reminder: only reply to me once you have worked through all the steps!) The Malwarebytes log file, please.
Step 2: AdwCleaner: find and delete adware. Please download AdwCleaner to your desktop.
Step 3: Another scan with Combofix.
06.04.2013, 20:49 | #12 |
| Black screen after boot MBAM: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.04.06.04
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [Administrator]
06.04.2013 15:58:09
mbam-log-2013-04-06 (15-58-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565583
Laufzeit: 1 Stunde(n), 31 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
C:\Users\Chris\Desktop\xf-adesk2012x32.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
# AdwCleaner v2.200 - Datei am 06/04/2013 um 21:22:52 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Chris - CHRIS-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v26.0.1410.43
Datei : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [13871 octets] - [06/04/2013 19:46:22]
AdwCleaner[S1].txt - [13592 octets] - [06/04/2013 19:47:10]
AdwCleaner[S2].txt - [1412 octets] - [06/04/2013 20:17:12]
AdwCleaner[S3].txt - [1095 octets] - [06/04/2013 21:22:52]
########## EOF - C:\AdwCleaner[S3].txt - [1155 octets] ##########
Code:
ATTFilter ComboFix 13-04-06.02 - Chris 06.04.2013 21:38:34.3.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.3138 [GMT 2:00] ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 )))))))))))))))))))))))))))))) . . 2013-04-07 04:09 . 2013-04-07 04:09 -------- d-----w- C:\found.001 2013-04-06 19:45 . 2013-04-06 19:45 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-04-06 19:45 . 2013-04-06 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-06 17:45 . 2013-04-06 17:45 -------- d-----w- C:\_OTL 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\programdata\Malwarebytes 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-06 13:33 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\users\Chris\AppData\Local\Programs 2013-04-06 12:18 . 2013-04-06 12:18 -------- d-----w- C:\found.000 2013-03-29 21:01 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-03-29 21:01 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-03-29 21:01 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-03-29 21:01 . 2013-03-29 21:01 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG 2013-03-29 21:00 . 2013-03-29 21:01 -------- d-----w- c:\programdata\AVG 2013-03-29 21:00 . 
2013-03-29 21:00 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-03-29 20:23 . 2013-03-31 14:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-03-26 18:57 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\Extensions 2013-03-26 18:41 . 2013-03-26 18:41 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc 2013-03-25 20:00 . 2013-03-25 20:00 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-24 13:40 . 2013-03-24 13:40 -------- d-----w- c:\users\Chris\AppData\Roaming\mh-software 2013-03-24 13:39 . 2003-11-12 12:17 567848 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2013-03-24 13:37 . 2013-03-24 13:37 -------- d-----w- C:\Berechnungen 2013-03-24 13:36 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-03-24 13:36 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-03-24 13:36 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-03-24 13:36 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-03-24 13:36 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-03-24 13:36 . 2004-10-22 01:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2013-03-24 13:36 . 2013-03-24 13:36 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-03-24 13:36 . 
2013-03-24 13:36 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-03-21 20:42 . 2013-03-21 20:42 69632 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A3E9BA4F-2C4C-41F7-B7E0-6F47137688A2}\ARPPRODUCTICON.exe 2013-03-21 20:42 . 2013-03-21 20:42 49152 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A3E9BA4F-2C4C-41F7-B7E0-6F47137688A2}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe 2013-03-21 20:42 . 2013-03-21 20:42 -------- d-----w- c:\users\Chris\Qtrax 2013-03-21 20:41 . 2013-03-21 20:41 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Speed Maximizer 2013-03-21 20:41 . 2013-03-21 20:41 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2013-03-19 21:54 . 2013-03-19 21:54 -------- d-----w- c:\users\Chris\AppData\Local\Macromedia 2013-03-19 20:14 . 2013-03-21 20:51 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 20:14 . 2013-03-21 20:51 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 20:14 . 2013-03-19 20:14 -------- d-----w- c:\windows\system32\Macromed 2013-03-17 13:18 . 2007-03-12 13:28 40960 ----a-w- c:\windows\SysWow64\STK02NP.ax 2013-03-17 13:18 . 2007-03-12 13:26 28416 ----a-w- c:\windows\system32\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:26 106496 ----a-w- c:\windows\system32\drivers\STK02NW2.sys 2013-03-17 13:18 . 2007-03-12 13:25 33728 ----a-w- c:\windows\SysWow64\drivers\STK02NW1.sys 2013-03-17 13:18 . 2007-03-12 13:25 101520 ----a-w- c:\windows\SysWow64\drivers\STK02NW2.sys 2013-03-17 13:18 . 2013-03-17 13:18 -------- d-----w- c:\windows\STK02N 2013-03-17 13:17 . 2013-03-17 13:17 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield 2013-03-15 10:08 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-14 18:23 . 2013-03-14 18:23 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-14 18:23 . 
2013-03-14 18:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-26 22:40 . 2013-02-26 22:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-14 02:52 . 2013-02-14 02:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-12 05:45 . 2013-03-14 11:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 11:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 11:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 11:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 11:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 03:37 . 2013-02-08 03:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-02-08 03:37 . 2013-02-08 03:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-02-08 03:37 . 2013-02-08 03:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-02-08 03:37 . 2013-02-08 03:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-01-13 21:17 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-27 18:45 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 
2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 18:45 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-27 18:45 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 18:45 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-27 18:45 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-27 18:45 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-27 18:45 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 18:45 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-27 18:45 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 
2013-02-27 18:45 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-27 18:45 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-27 18:45 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 18:45 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-27 18:45 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-27 18:45 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-27 18:45 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-27 18:45 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 18:45 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-27 18:45 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-27 18:45 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-27 18:45 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-27 18:45 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-27 18:45 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-27 18:45 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-27 18:45 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-27 18:45 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-27 18:45 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-27 18:45 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-27 18:45 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-27 18:45 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 18:45 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-27 18:45 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 
2013-02-27 18:45 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-27 18:45 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-27 18:45 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-27 18:45 1682432 ----a-w- c:\windows\system32\XpsPrint.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "G Data AntiVirus Tray Application"=c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray"=c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072] R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/16 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 18:14 146928] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 106496] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program 
files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656] R4 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2013-02-19 1418184] R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-27 4937264] R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-17 1431888] R4 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2010-08-11 4018504] R4 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] 
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2010-08-11 117328] S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2010-08-11 40016] S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2010-08-11 215120] S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2010-08-11 43600] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-31 39768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-02 12:05 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 20:51] . 2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 01:58] . 
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon] @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}" [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}] 2010-08-11 12:01 129864 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{45474191-24C0-48B8-B758-A8C1EC2871EF}\84F64756C6F5D4F6E6963616F543: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{99985665-B2C2-4B1E-9D0F-7AB091686B92}: NameServer = 192.168.2.1 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\28bu7e8y.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System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system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-06 21:47:34 ComboFix-quarantined-files.txt 2013-04-06 19:47 ComboFix2.txt 2013-04-06 18:39 ComboFix3.txt 2013-04-06 17:32 . Vor Suchlauf: 22 Verzeichnis(se), 60.626.702.336 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 60.282.003.456 Bytes frei . 
- - End Of File - - EC9FF20BCF6895CAA41536CFF2075374 |
06.04.2013, 20:52 | #13 | |
/// TB Trainer | Black screen after boot Quote:
Support stop. Reading material: This ends the topic. Cracks and keygens: Circumventing the copy protection of software is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so you are infecting yourself almost deliberately. We have agreed here on the board that we do not continue cleaning at this point, because we do not support such behaviour. On top of that, we pointed out unmistakably in our guide and also in this "Important" thread how we will deal with this. Clean, good software has its price, and the software companies live on this revenue. Our help is therefore limited to reinstalling and securing your system. We will still gladly answer your questions about that, in our forum.
__________________ Digital privateers against malware! No help via PM! |
06.04.2013, 20:56 | #14 |
| Black screen after boot I already know about the file; the owner of the notebook opened an email attachment. So, nice insinuation, it just happens not to be true. |