Weißer Bildschirm nach anmelden PC Win7 64Bit

arthek · 08.05.2013, 09:35

Hallo Zusammen,

habe den Rechner von meinem Schwager hier der wahrscheinlich einen ähnlichen virus hat wie ich zuvor.

Wenn ich den Rechner hochfahre kommt mein anmelde Fenster. Wenn ich mich anmelde kommt der Weiße Bildschirm.

angesicherter Modus geht nicht weil er direkt wieder runterfährt.

Also habe ich es mit OTLPENet gemacht.

hier die otl log datei.

Code:

ATTFilter

OTL logfile created on: 5/8/2013 12:20:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.17 Mb Free Space | 74.17% Space Free | Partition Type: NTFS
Drive D: | 55.90 Gb Total Space | 5.76 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
Drive I: | 465.66 Gb Total Space | 270.54 Gb Free Space | 58.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/09/08 13:29:56 | 000,204,288 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 09:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto] -- D:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/22 02:17:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/03 17:17:45 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2013/02/09 23:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 13:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/17 16:07:03 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 05:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/29 12:47:31 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/08 11:27:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 11:27:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/27 10:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto] -- D:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/21 20:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto] -- D:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 07:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto] -- D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/20 00:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/09/20 00:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2012/06/27 04:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2012/06/27 04:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012/06/27 04:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2012/06/22 10:56:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/08 11:27:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 11:27:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/08 12:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/11/14 12:07:02 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/10/11 09:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/08 14:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 12:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/12/10 01:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 01:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/22 03:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/27 09:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 09:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 09:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 09:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 09:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 09:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 09:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 09:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/21 20:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/08/10 05:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- D:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/29 10:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 6D 05 7A 6D 80 CC 01  [binary data]
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Björn_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Björn_ON_D\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Björn_ON_D\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - Reg Error: Key error. File not found
IE - HKU\Björn_ON_D\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
IE - HKU\Björn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Björn_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/01 15:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 15:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/18 15:49:18 | 000,000,000 | ---D | M]
 
[2011/10/01 15:40:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Björn\AppData\Roaming\Mozilla\Extensions
[2013/04/24 14:45:16 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\extensions
[2013/04/24 14:45:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/09 13:01:15 | 000,000,000 | ---D | M] (softonic.com) -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\extensions\ffxtlbra@softonic.com
[2013/02/01 15:30:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\extensions\toolbar@ask.com
[2013/02/01 15:24:27 | 000,002,412 | ---- | M] () -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\searchplugins\askcom.xml
[2012/08/09 13:01:15 | 000,002,062 | ---- | M] () -- D:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\searchplugins\softonic.xml
[2012/05/01 15:54:25 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 15:54:25 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- D:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011/10/01 15:39:46 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/10/01 15:39:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- 
File not found (No name found) -- D:\USERS\BJÃ¶RN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HW2UQTU6.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- D:\USERS\BJÃ¶RN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HW2UQTU6.DEFAULT\EXTENSIONS\FFXTLBRA@SOFTONIC.COM
File not found (No name found) -- D:\USERS\BJÃ¶RN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HW2UQTU6.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011/06/16 00:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - D:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - D:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - D:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - D:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - D:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - D:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - D:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - D:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\Björn_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Björn_ON_D\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3:64bit: - HKU\Björn_ON_D\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - D:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\Björn_ON_D\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - D:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\Björn_ON_D\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AgentMonitor]  File not found
O4 - HKLM..\Run: [ApnUpdater] D:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] D:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] D:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] D:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] D:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] D:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\Björn_ON_D..\Run: [] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Björn_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Björn_ON_D..\Run: [EADM]  File not found
O4 - HKU\Björn_ON_D..\Run: [KiesAirMessage] D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\Björn_ON_D..\Run: [KiesPreload] D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - D:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - D:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Björn_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Björn_ON_D Winlogon: Shell - (C:\Users\Björn\AppData\Roaming\skype.dat) - D:\Users\Björn\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b72209e-2308-11e1-be0a-002683161870}\Shell - "" = AutoRun
O33 - MountPoints2\{1b72209e-2308-11e1-be0a-002683161870}\Shell\AutoRun\command - "" = K:\DPFMate.exe
O33 - MountPoints2\{1e32eb40-f5c9-11e0-8ee4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e32eb40-f5c9-11e0-8ee4-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{d77667a3-f0b9-11e0-86ed-002683161870}\Shell - "" = AutoRun
O33 - MountPoints2\{d77667a3-f0b9-11e0-86ed-002683161870}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/08 03:46:25 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{82F920AB-9E78-4EA2-B01C-FCF983BC26C8}
[2013/05/08 03:33:51 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{796570D8-5DFF-4457-927F-C10D363AD969}
[2013/05/08 03:26:34 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{6E24F824-338A-4E15-A235-395C8D268C6E}
[2013/05/07 11:43:44 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{0E70918B-7324-419D-9104-C475C02A7F7A}
[2013/05/06 12:05:16 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{FF6844BA-22E4-4DF5-8F46-2A0D858646C0}
[2013/05/05 06:47:43 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{83BF5461-2BE0-4074-91ED-530848FDB338}
[2013/05/03 11:50:37 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{1736BD54-3ED9-4C03-A978-9B70795DC681}
[2013/05/02 07:55:27 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{C6790F4F-86EE-4845-B382-11E40AC52B01}
[2013/05/01 12:56:34 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{597B2478-8001-400B-A675-A48214AB84E2}
[2013/04/29 11:53:20 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{2AD14251-DB60-4E66-991F-9DF25EAD38FB}
[2013/04/27 04:57:51 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{49865642-E895-4E23-B541-F767B2252FAE}
[2013/04/26 03:22:34 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{5B6395B3-0CD1-4A39-8B82-C3D3626A8F5B}
[2013/04/25 11:16:36 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{3DCB2257-6E22-4B4C-977E-91E8A253E81C}
[2013/04/24 11:43:26 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{D53FFC17-3DFA-4E59-8C4E-52087A782383}
[2013/04/22 02:17:47 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/21 12:29:43 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{893FACBF-62A2-4E5B-8D2B-07A4F428DB42}
[2013/04/20 12:59:20 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{63C77444-0796-4D25-A734-B6215355A03A}
[2013/04/19 06:03:51 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{D75FBC7F-13F4-4F0F-955F-CE65506883A7}
[2013/04/17 03:46:52 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{8A0CC811-A924-49A7-8619-717C4F003A42}
[2013/04/16 03:11:12 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{02355BD9-01A7-4D88-A6B3-A867B19DCE1A}
[2013/04/15 11:03:40 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{B9E2D684-24DB-4756-85E6-50C49969B4FF}
[2013/04/14 15:17:22 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{C5EA5584-151E-4770-BCE6-A0B0A645A0B2}
[2013/04/12 08:59:54 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{0BB2BFD7-96D5-41DF-8AE9-5CCB543AA664}
[2013/04/11 03:23:53 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{0CBAB47E-5ABA-4BD1-8B19-87859261A69F}
[2013/04/10 17:17:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/04/10 17:17:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/04/10 17:17:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/04/10 17:17:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/04/10 17:17:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/04/10 17:17:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 17:17:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/04/10 17:17:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/04/10 17:17:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/04/10 17:17:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/04/10 17:17:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/04/10 17:17:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 17:17:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/04/10 17:17:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/04/10 17:17:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/04/10 17:17:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/04/10 17:17:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/04/10 09:57:27 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{E58FF077-DC3C-44BF-9740-635635C3CA67}
[2013/04/10 09:53:44 | 003,717,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstscax.dll
[2013/04/10 09:53:44 | 003,217,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstscax.dll
[2013/04/10 09:53:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aaclient.dll
[2013/04/10 09:53:44 | 000,131,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\aaclient.dll
[2013/04/10 09:53:44 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tsgqec.dll
[2013/04/10 09:53:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tsgqec.dll
[2013/04/10 09:53:41 | 005,550,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/04/10 09:53:41 | 003,968,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 09:53:41 | 003,913,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 09:53:41 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/04/10 09:53:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/04/10 09:53:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013/04/09 09:06:34 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{DC730C71-401E-4EF9-8505-A7A8EA4AD0C7}
[2013/04/08 13:17:50 | 000,000,000 | ---D | C] -- D:\Users\Björn\AppData\Local\{95BBCB51-B5EC-40C2-BADB-C7EAB7F3DCF4}
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/08 03:47:35 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/05/08 03:47:23 | 4276,826,110 | -HS- | M] () -- D:\hiberfil.sys
[2013/05/08 03:46:34 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 03:46:34 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 03:46:28 | 000,000,004 | ---- | M] () -- D:\Users\Björn\AppData\Roaming\skype.ini
[2013/05/08 03:46:08 | 000,001,104 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/08 03:39:16 | 000,664,618 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/05/08 03:39:16 | 000,624,800 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/05/08 03:39:16 | 000,134,786 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/05/08 03:39:16 | 000,110,438 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/05/07 11:53:02 | 000,001,108 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/06 16:11:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/23 01:57:19 | 000,002,279 | ---- | M] () -- D:\Users\Björn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/23 01:57:19 | 000,002,255 | ---- | M] () -- D:\Users\Björn\Desktop\Google Chrome.lnk
[2013/04/22 02:55:49 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/22 02:17:07 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/22 02:17:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 03:23:04 | 000,338,616 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/07 11:39:27 | 000,000,004 | ---- | C] () -- D:\Users\Björn\AppData\Roaming\skype.ini
[2013/04/23 01:57:19 | 000,002,255 | ---- | C] () -- D:\Users\Björn\Desktop\Google Chrome.lnk
[2013/04/22 02:17:47 | 000,002,279 | ---- | C] () -- D:\Users\Björn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/24 11:38:57 | 000,000,581 | ---- | C] () -- D:\Users\Björn\AppData\Local\cookies.ini
[2012/09/26 14:57:16 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2012/09/26 14:57:14 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 14:57:14 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 14:57:14 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 14:57:14 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/11 08:02:41 | 000,098,304 | ---- | C] () -- D:\Users\Björn\AppData\Roaming\skype.dat
[2011/10/13 17:51:12 | 000,000,093 | ---- | C] () -- D:\Users\Björn\AppData\Local\fusioncache.dat
[2011/10/13 17:46:59 | 001,526,730 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/13 17:46:02 | 000,281,688 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/10/13 17:46:01 | 000,669,184 | ---- | C] () -- D:\Windows\SysWow64\pbsvc.exe
[2011/10/13 17:46:01 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/10/02 11:35:48 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/01 15:40:03 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2011/10/01 15:22:38 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/10/01 14:53:08 | 000,043,147 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/10/01 14:52:36 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/10/01 14:52:34 | 000,029,396 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/09/14 05:47:40 | 000,053,760 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011/10/01 18:08:08 | 000,000,000 | ---D | M] -- D:\ProgramData\1und1InternetExplorerAddon
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2012/12/03 17:21:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Ask
[2012/10/16 12:05:45 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2012/10/16 12:22:57 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonEPP
[2012/10/16 12:23:47 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2012/10/16 12:22:57 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEPPEX2
[2012/10/16 12:05:31 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJFAX
[2012/10/16 12:22:56 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJMyPrinter
[2012/10/16 12:27:28 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJSDU
[2012/10/16 12:22:58 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJSolutionMenuEX
[2012/10/16 12:20:03 | 000,000,000 | ---D | M] -- D:\ProgramData\CanonIJWSpt
[2011/10/01 15:42:00 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/10/01 18:08:08 | 000,000,000 | ---D | M] -- D:\ProgramData\DesktopIcons
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2013/03/18 16:10:52 | 000,000,000 | ---D | M] -- D:\ProgramData\DriverGenius
[2011/10/19 11:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/12/18 10:59:42 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2011/10/11 15:24:42 | 000,000,000 | ---D | M] -- D:\ProgramData\Futuremark
[2012/12/11 16:01:31 | 000,000,000 | ---D | M] -- D:\ProgramData\KONAMI
[2012/02/17 05:10:25 | 000,000,000 | ---D | M] -- D:\ProgramData\LightScribe
[2012/12/20 18:43:47 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/08/23 07:33:01 | 000,000,000 | ---D | M] -- D:\ProgramData\RavensburgerTipToi
[2012/10/25 13:21:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Rockstar Games
[2012/10/10 14:40:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/10/01 18:08:08 | 000,000,000 | ---D | M] -- D:\ProgramData\UUdb
[2011/10/01 14:45:44 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/12/24 11:36:04 | 000,000,000 | ---D | M] -- D:\ProgramData\VTech
[2011/10/19 11:14:51 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2013/03/28 11:26:59 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

ich hoffe ihr könnt mir so super weiter helfen wie bei meinem eigenen virus..

danke schonmal..

gruß arthek

ryder · 08.05.2013, 10:20

!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.

Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:

Bitte lesen:
Regeln für die Bereinigung

Illegal genutzte Software
Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
Keine Garantie
Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
Keine Alleingänge
Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
Aufmerksam lesen und nachfragen
Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
Richtig antworten
- Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
- Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss.
- Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
  [CODE] (Logfile) [/CODE]
- Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten.
Keine privaten Nachrichten
Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
Wie läuft die Bereinigung ab?
Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.

Computer mit Combofix entsperren

Warnung: Diese Anleitung ist nur für diesen speziellen Fall gedacht und kann andere Computer evtl. schwer beschädigen. Zudem darf Combofix nur ausgeführt werden, wenn dies von einem erfahrenen Helfer angewiesen wird!

Combofix kopieren
- Lade dir Combofix an einem sauberen Rechner (evtl. Nachbar, Freund, ...) von einem dieser Downloadlinks: Link
- Kopiere die Datei auf deinen USB-Stick (nicht in einen Unterordner!)
Start mit Eingabeaufforderung
- Schliesse den präparierten USB-Stick an den infizierten Rechner an und starte ihn.
- Drücke beim Start einige Male die F8-Taste bis das Bootmenü von Windows erscheint und wähle Abgesicherter Modus mit Eingabeaufforderung.
- Nach einigen Sekunden sollte ein schwarzes Fenster mit dem blinkenden Cursor erscheinen.
Combofix starten
- Tippe explorer (Enter)
- Finde den USB-Stick und starte Combofix mit einem Doppelklick.
- Sollte es versuchen die Wiederherstellungskonsole zu installieren, dann lasse dies zu.
- Übergehe alle anderen Warnungen mit OK.
Logfile posten
- Es könnte eine Warnung erscheinen, ob du wieder den abgesicherten Modus ausführen willst. Klicke dann JA.
- Entweder wird ein Editor angezeigt oder das Logfile befindet sich hier: c:\combofix.txt
- Poste mir dieses Logfile in CODE-Tags (#-Symbol im Forumseditor anklicken)
- Sollte ein Fehler kommen, dass ein Registrierungsschlüssel einem ungültigem Vorgang unterzogen wurde, dann starte den Rechner neu. Das behebt das Problem.

arthek · 08.05.2013, 10:43

habe folgenden fehler :

combofix hat festgestellt das folgende Realtimescanner aktiv sind
antivirus : avira dekstop
antispyware: avira desktop
....
Bitte deaktiviere diese Scanner, bevor du auf OK klickst

ryder · 08.05.2013, 10:50

Du liest aber auch schon was ich dir schreibe?

Zitat:

Übergehe alle anderen Warnungen mit OK.

arthek · 08.05.2013, 10:59

Zitat:

Zitat von ryder

Du liest aber auch schon was ich dir schreibe?

ja hab ich natürlich gelesen... habe es auch gemacht und der hat nix gemacht darauf so als ob er combofix einfach wieder beendet hat..

habe es jetzt nochmal gestartet und es hat geklappt..

hier der log

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-05-08.02 - Bjˆrn 08.05.2013  13:54:34.1.8 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16361.15249 [GMT 2:00]
ausgef¸hrt von:: K:\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-08 bis 2013-05-08  ))))))))))))))))))))))))))))))
.
.
2013-05-08 11:56 . 2013-05-08 11:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-08 11:56 . 2013-05-08 11:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-08 11:50 . 2013-05-08 11:50	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EDCE831-BD87-4457-AB01-96B2D3235DFD}\offreg.dll
2013-05-08 07:46 . 2013-05-08 07:46	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{82F920AB-9E78-4EA2-B01C-FCF983BC26C8}
2013-05-08 07:33 . 2013-05-08 07:33	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{796570D8-5DFF-4457-927F-C10D363AD969}
2013-05-08 07:26 . 2013-05-08 07:26	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{6E24F824-338A-4E15-A235-395C8D268C6E}
2013-05-07 15:43 . 2013-05-07 15:43	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{0E70918B-7324-419D-9104-C475C02A7F7A}
2013-05-07 15:25 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EDCE831-BD87-4457-AB01-96B2D3235DFD}\mpengine.dll
2013-05-06 16:05 . 2013-05-06 16:05	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{FF6844BA-22E4-4DF5-8F46-2A0D858646C0}
2013-05-05 10:47 . 2013-05-05 10:47	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{83BF5461-2BE0-4074-91ED-530848FDB338}
2013-05-03 15:50 . 2013-05-03 15:50	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{1736BD54-3ED9-4C03-A978-9B70795DC681}
2013-05-02 11:55 . 2013-05-02 11:55	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{C6790F4F-86EE-4845-B382-11E40AC52B01}
2013-05-01 16:56 . 2013-05-01 16:56	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{597B2478-8001-400B-A675-A48214AB84E2}
2013-04-29 15:53 . 2013-04-29 15:53	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{2AD14251-DB60-4E66-991F-9DF25EAD38FB}
2013-04-27 08:57 . 2013-04-27 08:58	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{49865642-E895-4E23-B541-F767B2252FAE}
2013-04-26 07:22 . 2013-04-26 19:22	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{5B6395B3-0CD1-4A39-8B82-C3D3626A8F5B}
2013-04-25 15:16 . 2013-04-25 15:16	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{3DCB2257-6E22-4B4C-977E-91E8A253E81C}
2013-04-24 20:07 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-24 15:43 . 2013-04-24 15:43	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{D53FFC17-3DFA-4E59-8C4E-52087A782383}
2013-04-21 16:29 . 2013-04-21 16:29	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{893FACBF-62A2-4E5B-8D2B-07A4F428DB42}
2013-04-20 16:59 . 2013-04-20 16:59	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{63C77444-0796-4D25-A734-B6215355A03A}
2013-04-19 10:03 . 2013-04-19 10:04	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{D75FBC7F-13F4-4F0F-955F-CE65506883A7}
2013-04-17 07:46 . 2013-04-17 07:47	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{8A0CC811-A924-49A7-8619-717C4F003A42}
2013-04-16 07:11 . 2013-04-16 19:11	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{02355BD9-01A7-4D88-A6B3-A867B19DCE1A}
2013-04-15 15:03 . 2013-04-15 15:03	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{B9E2D684-24DB-4756-85E6-50C49969B4FF}
2013-04-14 19:17 . 2013-04-14 19:17	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{C5EA5584-151E-4770-BCE6-A0B0A645A0B2}
2013-04-12 12:59 . 2013-04-12 13:00	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{0BB2BFD7-96D5-41DF-8AE9-5CCB543AA664}
2013-04-11 07:23 . 2013-04-11 07:24	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{0CBAB47E-5ABA-4BD1-8B19-87859261A69F}
2013-04-10 13:57 . 2013-04-10 13:57	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{E58FF077-DC3C-44BF-9740-635635C3CA67}
2013-04-09 13:06 . 2013-04-09 13:06	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{DC730C71-401E-4EF9-8505-A7A8EA4AD0C7}
2013-04-08 17:17 . 2013-04-08 17:17	--------	d-----w-	c:\users\Bjˆrn\AppData\Local\{95BBCB51-B5EC-40C2-BADB-C7EAB7F3DCF4}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2009-10-14 05:13	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-22 06:17 . 2012-07-16 15:33	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-22 06:17 . 2011-10-01 19:32	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 21:18 . 2009-10-14 05:12	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-25 20:39 . 2013-03-25 20:39	4546560	----a-w-	c:\windows\SysWow64\GPhotos.scr
2013-02-28 18:01 . 2013-02-28 18:01	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 18:01 . 2012-12-03 21:21	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-28 18:01 . 2012-12-03 21:21	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-12 20:29	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 20:29	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 20:29	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 20:29	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 20:29	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 20:29	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-18 20:52	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-03-18 20:44	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-02-10 03:25 . 2013-03-18 20:44	963776	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-03-18 20:44	9422672	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-03-18 20:44	7964680	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-03-18 20:44	7569184	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-03-18 20:44	6267240	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-03-18 20:44	2911008	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-03-18 20:44	2726176	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-03-18 20:44	26947360	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-03-18 20:44	2528840	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-10 03:25 . 2013-03-18 20:44	25256736	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-03-18 20:44	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-03-18 20:44	2350368	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-18 20:44	20534560	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-03-18 20:44	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-03-18 20:44	1990944	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-03-18 20:44	1807136	----a-w-	c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-18 20:44	17987192	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-03-18 20:44	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2013-03-18 20:44	15275744	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2013-03-18 20:44	1510176	----a-w-	c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2013-03-18 20:44	15038296	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-10 03:25 . 2013-03-18 20:44	12862400	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2013-03-18 20:44	11040544	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2012-10-10 20:23	2854344	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2012-10-10 20:23	1114144	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-10 01:04 . 2013-03-18 19:07	6393120	----a-w-	c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2013-03-18 19:07	3472672	----a-w-	c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2013-03-18 19:07	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2013-03-18 19:07	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2013-03-18 19:07	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2013-03-18 19:07	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-02-09 17:43 . 2013-02-09 17:43	555808	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-02-09 13:25 . 2013-03-18 19:07	3035306	----a-w-	c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-28 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:36	163936	----a-w-	c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
2013-03-03 21:17	707728	----a-w-	c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
2013-03-03 21:17	62864	----a-w-	c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-01-28 17:16	1520776	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13	248936	----a-w-	c:\program files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-28 1520776]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2013-03-03 707728]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-01 39408]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"EADM"="d:\spiele\origin\Origin.exe" [2013-03-28 3497552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"AgentMonitor"="d:\spiele\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-01-28 1644680]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2013-03-03 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-03-03 30096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
R1 ntiomin;ntiomin; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R2 AviraUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_4e9b1099\avupgsvc.exe [x]
R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IntelÆ PROSet Monitoring Service;IntelÆ PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-03-03 42504]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-22 283200]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 06:55	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 06:17]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 19:09]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Zus‰tzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmx.net/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\GMX Toolbar\IE\uitb.dll
FF - ProfilePath - c:\users\Bjˆrn\AppData\Roaming\Mozilla\Firefox\Profiles\hw2uqtu6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.hpOld - 
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld - Google
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 5e270bd7000000000000002683161870
FF - user.js: extensions.Softonic.instlDay - 15561
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.419:01
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - INF1205T01
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Bjˆrn\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-612092012-4180906935-3109514247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-612092012-4180906935-3109514247-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-612092012-4180906935-3109514247-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-08  13:57:29
ComboFix-quarantined-files.txt  2013-05-08 11:57
.
Vor Suchlauf: 6.044.262.400 Bytes frei
Nach Suchlauf: 6.479.532.032 Bytes frei
.
- - End Of File - - FCBE5706C248029D3E110C39336EB6C2
         
 --- --- ---

ryder · 08.05.2013, 11:38

Zitat:

c:\windows\7Loader.TAG

Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportstopp

Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.

Damit ist das Thema beendet.

arthek · 08.05.2013, 11:57

der rechner ist ja von meinem schwager, wusste nicht was da für sachen drauf sind und kam da ja nicht drauf wegen dem weißen Bildschirm .
kann ich die sachen löschen und wir machen weiter oder ist das jetzt durch ?

Weißer Bildschirm nach anmelden PC Win7 64Bit

Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm nach anmelden PC Win7 64Bit