Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Computer öffnet unaufgefordert Seiten und komischer Virus gefunden (https://www.trojaner-board.de/125334-computer-oeffnet-unaufgefordert-seiten-komischer-virus-gefunden.html)

F4c3d0wn 07.10.2012 21:42
Computer öffnet unaufgefordert Seiten und komischer Virus gefunden
 
Hallo Community,

natürlich habe ich mich vorher über mein Problem im Internet informiert, fand mit meinen Stichpunkten aber nicht wirklich eine Antwort.

Deswegen schildere ich mein Problem nun hier:

Wenn ich mit meinem Laptop, Acer Aspire 7738G, ins Internet gehe und die Website "Google" besuche, dort beispielsweise "Wikipedia" oder irgendwas anderes eingebe, das Suchergebniss dann anklicke, öffnet sich irgendeine Seite! Beim letzten mal war es bei einer Suche eine Seite mit Gartenstühlen oder Ebay...

Da ich mich über das Problem wunderte, habe ich mir erstmal ein Antivirenprogramm installiert, in meinem Fall nun "AVIRA".

....damit auch zu Problem 2:

Wenn ich im Internet surfe, meldet der AVIRA Echtzeitscanner dauernt den folgendes Virus: "C:\$Recycle.Bin\S-1-5-18\...\80000032.@" mit dem unerwünschten Programm namens "TR/ATRAPS.Gen2"
Wenn ich dann auf "Entfernen" drücke, kommt die Meldung nach einigen Sekunden wieder...

Was ist mit meinem Computer los? Was ist das für ein Virus und warum werden seltsame Internetseiten geöffnet?

Ich bin sehr sehr dankbar für euer Hilfe,

euer F4c3d0wn! Danke! :nixda: :schrei:

PS: Ich kenne ja vieles, aber bitte sagt mir genau was ich mache soll, den von Virenbekämpfung habe ich nicht viel Ahnung...

Psychotic 08.10.2012 06:48
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Du hast das so genannte ZeroAccess-Rootkit am System.

Welches Betriebssystem läuft? Bitte auch angeben, ob 32- oder 64bit!

F4c3d0wn 08.10.2012 12:42
Danke Marius, dass du mir hilftst!!! Mein Name ist übrigens Jonas.

Ich habe mir deine Schritte oben 1-7 durchgelesen, verstehe aber keine Aufforderung. Was soll ich nun machen?

Ich habe ein 64-Bit Betriebsystem, Ccleaner ist auch schon vorhanden.

Psychotic 08.10.2012 12:46
Schritt 1: OTL


Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.



Schritt 2: aswMBR



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.



Schritt 3: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

F4c3d0wn 08.10.2012 16:55
Das Ergebnis (Report) vom TDSSKiller:

17:52:36.0922 3380 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:52:37.0181 3380 ============================================================
17:52:37.0181 3380 Current date / time: 2012/10/08 17:52:37.0181
17:52:37.0181 3380 SystemInfo:
17:52:37.0181 3380
17:52:37.0181 3380 OS Version: 6.1.7601 ServicePack: 1.0
17:52:37.0181 3380 Product type: Workstation
17:52:37.0181 3380 ComputerName: JONAS-PC
17:52:37.0181 3380 UserName: Jonas
17:52:37.0181 3380 Windows directory: C:\Windows
17:52:37.0181 3380 System windows directory: C:\Windows
17:52:37.0181 3380 Running under WOW64
17:52:37.0181 3380 Processor architecture: Intel x64
17:52:37.0181 3380 Number of processors: 2
17:52:37.0181 3380 Page size: 0x1000
17:52:37.0181 3380 Boot type: Normal boot
17:52:37.0181 3380 ============================================================
17:52:40.0290 3380 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:40.0374 3380 ============================================================
17:52:40.0374 3380 \Device\Harddisk0\DR0:
17:52:40.0375 3380 MBR partitions:
17:52:40.0375 3380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E70800, BlocksNum 0x32000
17:52:40.0398 3380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EA3000, BlocksNum 0x1FF97670
17:52:40.0484 3380 ============================================================
17:52:40.0588 3380 C: <-> \Device\Harddisk0\DR0\Partition2
17:52:40.0649 3380 D: <-> \Device\Harddisk0\DR0\Partition1
17:52:40.0650 3380 ============================================================
17:52:40.0650 3380 Initialize success
17:52:40.0650 3380 ============================================================
17:52:47.0125 5104 ============================================================
17:52:47.0126 5104 Scan started
17:52:47.0126 5104 Mode: Manual;
17:52:47.0126 5104 ============================================================
17:52:48.0171 5104 ================ Scan system memory ========================
17:52:48.0171 5104 System memory - ok
17:52:48.0172 5104 ================ Scan services =============================
17:52:48.0556 5104 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:52:48.0559 5104 1394ohci - ok
17:52:48.0646 5104 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:52:48.0650 5104 ACPI - ok
17:52:48.0714 5104 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:52:48.0714 5104 AcpiPmi - ok
17:52:48.0941 5104 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:52:48.0942 5104 AdobeARMservice - ok
17:52:49.0199 5104 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:52:49.0202 5104 AdobeFlashPlayerUpdateSvc - ok
17:52:49.0290 5104 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:52:49.0296 5104 adp94xx - ok
17:52:49.0397 5104 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:52:49.0401 5104 adpahci - ok
17:52:49.0487 5104 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:52:49.0489 5104 adpu320 - ok
17:52:49.0540 5104 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:52:49.0541 5104 AeLookupSvc - ok
17:52:49.0624 5104 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:52:49.0630 5104 AFD - ok
17:52:49.0713 5104 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
17:52:49.0735 5104 AgereSoftModem - ok
17:52:49.0847 5104 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:52:49.0848 5104 agp440 - ok
17:52:49.0914 5104 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:52:49.0916 5104 ALG - ok
17:52:49.0958 5104 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:52:49.0958 5104 aliide - ok
17:52:49.0991 5104 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:52:49.0991 5104 amdide - ok
17:52:50.0072 5104 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:52:50.0072 5104 AmdK8 - ok
17:52:50.0090 5104 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:52:50.0091 5104 AmdPPM - ok
17:52:50.0151 5104 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:52:50.0152 5104 amdsata - ok
17:52:50.0237 5104 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:52:50.0240 5104 amdsbs - ok
17:52:50.0297 5104 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:52:50.0297 5104 amdxata - ok
17:52:50.0856 5104 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:52:50.0857 5104 AntiVirSchedulerService - ok
17:52:50.0950 5104 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:52:50.0951 5104 AntiVirService - ok
17:52:51.0126 5104 [ 596FE09BAE862BF29220FC94075ED1CE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:52:51.0130 5104 AntiVirWebService - ok
17:52:51.0223 5104 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:52:51.0224 5104 AppID - ok
17:52:51.0282 5104 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:52:51.0283 5104 AppIDSvc - ok
17:52:51.0372 5104 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:52:51.0373 5104 Appinfo - ok
17:52:51.0473 5104 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:52:51.0474 5104 Apple Mobile Device - ok
17:52:51.0552 5104 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:52:51.0553 5104 arc - ok
17:52:51.0610 5104 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:52:51.0611 5104 arcsas - ok
17:52:51.0649 5104 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:52:51.0650 5104 AsyncMac - ok
17:52:51.0662 5104 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:52:51.0662 5104 atapi - ok
17:52:52.0064 5104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:52:52.0133 5104 AudioEndpointBuilder - ok
17:52:52.0149 5104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:52:52.0154 5104 AudioSrv - ok
17:52:52.0194 5104 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:52:52.0195 5104 avgntflt - ok
17:52:52.0254 5104 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:52:52.0255 5104 avipbb - ok
17:52:52.0287 5104 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:52:52.0288 5104 avkmgr - ok
17:52:52.0363 5104 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:52:52.0365 5104 AxInstSV - ok
17:52:52.0518 5104 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:52:52.0523 5104 b06bdrv - ok
17:52:52.0610 5104 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:52:52.0613 5104 b57nd60a - ok
17:52:52.0714 5104 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:52:52.0715 5104 BDESVC - ok
17:52:52.0728 5104 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:52:52.0729 5104 Beep - ok
17:52:52.0770 5104 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:52:52.0771 5104 blbdrive - ok
17:52:52.0899 5104 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:52:52.0903 5104 Bonjour Service - ok
17:52:52.0968 5104 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:52:52.0969 5104 bowser - ok
17:52:53.0067 5104 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:52:53.0068 5104 BrFiltLo - ok
17:52:53.0091 5104 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:52:53.0092 5104 BrFiltUp - ok
17:52:53.0187 5104 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:52:53.0189 5104 Browser - ok
17:52:53.0493 5104 [ 0E39DB25920F7952C72A524565CCBAA6 ] Browser Manager C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
17:52:53.0548 5104 Browser Manager - ok
17:52:53.0671 5104 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:52:53.0674 5104 Brserid - ok
17:52:53.0731 5104 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:52:53.0732 5104 BrSerWdm - ok
17:52:53.0778 5104 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:52:53.0778 5104 BrUsbMdm - ok
17:52:53.0841 5104 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:52:53.0841 5104 BrUsbSer - ok
17:52:53.0883 5104 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:52:53.0884 5104 BTHMODEM - ok
17:52:53.0999 5104 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:52:54.0000 5104 bthserv - ok
17:52:54.0017 5104 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:52:54.0018 5104 cdfs - ok
17:52:54.0090 5104 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:52:54.0092 5104 cdrom - ok
17:52:54.0175 5104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:52:54.0176 5104 CertPropSvc - ok
17:52:54.0228 5104 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:52:54.0228 5104 circlass - ok
17:52:54.0270 5104 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:52:54.0274 5104 CLFS - ok
17:52:54.0505 5104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:52:54.0507 5104 clr_optimization_v2.0.50727_32 - ok
17:52:54.0655 5104 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:52:54.0657 5104 clr_optimization_v2.0.50727_64 - ok
17:52:54.0834 5104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:52:54.0879 5104 clr_optimization_v4.0.30319_32 - ok
17:52:54.0986 5104 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:52:54.0988 5104 clr_optimization_v4.0.30319_64 - ok
17:52:55.0043 5104 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:52:55.0043 5104 CmBatt - ok
17:52:55.0067 5104 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:52:55.0068 5104 cmdide - ok
17:52:55.0124 5104 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:52:55.0130 5104 CNG - ok
17:52:55.0200 5104 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:52:55.0200 5104 Compbatt - ok
17:52:55.0248 5104 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:52:55.0249 5104 CompositeBus - ok
17:52:55.0282 5104 COMSysApp - ok
17:52:55.0311 5104 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:52:55.0311 5104 crcdisk - ok
17:52:55.0408 5104 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:52:55.0410 5104 CryptSvc - ok
17:52:55.0526 5104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:52:55.0533 5104 DcomLaunch - ok
17:52:55.0664 5104 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:52:55.0668 5104 defragsvc - ok
17:52:55.0726 5104 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:52:55.0728 5104 DfsC - ok
17:52:55.0824 5104 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:52:55.0828 5104 Dhcp - ok
17:52:55.0901 5104 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:52:55.0903 5104 discache - ok
17:52:55.0965 5104 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:52:55.0966 5104 Disk - ok
17:52:56.0075 5104 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:52:56.0078 5104 Dnscache - ok
17:52:56.0133 5104 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:52:56.0136 5104 dot3svc - ok
17:52:56.0148 5104 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:52:56.0150 5104 DPS - ok
17:52:56.0180 5104 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:52:56.0181 5104 drmkaud - ok
17:52:56.0286 5104 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:52:56.0288 5104 dtsoftbus01 - ok
17:52:56.0360 5104 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:52:56.0367 5104 DXGKrnl - ok
17:52:56.0418 5104 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:52:56.0420 5104 EapHost - ok
17:52:56.0807 5104 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:52:56.0907 5104 ebdrv - ok
17:52:56.0966 5104 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:52:56.0968 5104 EFS - ok
17:52:57.0077 5104 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:52:57.0085 5104 ehRecvr - ok
17:52:57.0116 5104 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:52:57.0117 5104 ehSched - ok
17:52:57.0446 5104 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:52:57.0451 5104 elxstor - ok
17:52:57.0458 5104 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:52:57.0458 5104 ErrDev - ok
17:52:57.0540 5104 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:52:57.0545 5104 EventSystem - ok
17:52:57.0625 5104 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:52:57.0626 5104 exfat - ok
17:52:57.0686 5104 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:52:57.0688 5104 fastfat - ok
17:52:57.0814 5104 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:52:57.0821 5104 Fax - ok
17:52:57.0842 5104 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:52:57.0843 5104 fdc - ok
17:52:57.0871 5104 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:52:57.0873 5104 fdPHost - ok
17:52:57.0890 5104 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:52:57.0891 5104 FDResPub - ok
17:52:57.0920 5104 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:52:57.0921 5104 FileInfo - ok
17:52:57.0959 5104 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:52:57.0960 5104 Filetrace - ok
17:52:58.0032 5104 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:52:58.0032 5104 flpydisk - ok
17:52:58.0108 5104 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:52:58.0111 5104 FltMgr - ok
17:52:58.0191 5104 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:52:58.0213 5104 FontCache - ok
17:52:58.0317 5104 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:52:58.0318 5104 FontCache3.0.0.0 - ok
17:52:58.0356 5104 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:52:58.0357 5104 FsDepends - ok
17:52:58.0423 5104 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:52:58.0424 5104 Fs_Rec - ok
17:52:58.0507 5104 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:52:58.0509 5104 fvevol - ok
17:52:58.0543 5104 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:52:58.0544 5104 gagp30kx - ok
17:52:58.0608 5104 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:52:58.0609 5104 GEARAspiWDM - ok
17:52:58.0668 5104 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:52:58.0677 5104 gpsvc - ok
17:52:58.0819 5104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:58.0820 5104 gupdate - ok
17:52:58.0832 5104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:58.0833 5104 gupdatem - ok
17:52:58.0874 5104 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:52:58.0875 5104 hcw85cir - ok
17:52:58.0998 5104 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:52:59.0002 5104 HdAudAddService - ok
17:52:59.0027 5104 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:52:59.0028 5104 HDAudBus - ok
17:52:59.0053 5104 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:52:59.0054 5104 HidBatt - ok
17:52:59.0088 5104 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:52:59.0089 5104 HidBth - ok
17:52:59.0117 5104 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:52:59.0118 5104 HidIr - ok
17:52:59.0163 5104 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:52:59.0164 5104 hidserv - ok
17:52:59.0243 5104 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:52:59.0244 5104 HidUsb - ok
17:52:59.0301 5104 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:52:59.0303 5104 hkmsvc - ok
17:52:59.0422 5104 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:52:59.0426 5104 HomeGroupListener - ok
17:52:59.0473 5104 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:52:59.0477 5104 HomeGroupProvider - ok
17:52:59.0516 5104 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:52:59.0517 5104 HpSAMD - ok
17:52:59.0566 5104 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:52:59.0574 5104 HTTP - ok
17:52:59.0611 5104 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:52:59.0611 5104 hwpolicy - ok
17:52:59.0664 5104 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:52:59.0665 5104 i8042prt - ok
17:52:59.0803 5104 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:52:59.0808 5104 iaStorV - ok
17:52:59.0981 5104 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:52:59.0982 5104 IDriverT - ok
17:53:00.0180 5104 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:53:00.0200 5104 idsvc - ok
17:53:00.0264 5104 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:53:00.0265 5104 iirsp - ok
17:53:00.0435 5104 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:53:00.0446 5104 IKEEXT - ok
17:53:00.0481 5104 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:53:00.0481 5104 intelide - ok
17:53:00.0541 5104 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:53:00.0542 5104 intelppm - ok
17:53:00.0577 5104 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:53:00.0579 5104 IPBusEnum - ok
17:53:00.0635 5104 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:53:00.0636 5104 IpFilterDriver - ok
17:53:00.0703 5104 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:53:00.0704 5104 IPMIDRV - ok
17:53:00.0789 5104 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:53:00.0792 5104 IPNAT - ok
17:53:01.0025 5104 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:53:01.0031 5104 iPod Service - ok
17:53:01.0100 5104 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:53:01.0101 5104 IRENUM - ok
17:53:01.0147 5104 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:53:01.0147 5104 isapnp - ok
17:53:01.0303 5104 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:53:01.0305 5104 iScsiPrt - ok
17:53:01.0360 5104 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
17:53:01.0363 5104 k57nd60a - ok
17:53:01.0419 5104 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:53:01.0420 5104 kbdclass - ok
17:53:01.0462 5104 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:53:01.0463 5104 kbdhid - ok
17:53:01.0477 5104 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:53:01.0478 5104 KeyIso - ok
17:53:01.0523 5104 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:53:01.0524 5104 KSecDD - ok
17:53:01.0576 5104 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:53:01.0577 5104 KSecPkg - ok
17:53:01.0631 5104 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:53:01.0632 5104 ksthunk - ok
17:53:01.0774 5104 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:53:01.0779 5104 KtmRm - ok
17:53:01.0879 5104 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:53:01.0883 5104 LanmanServer - ok
17:53:01.0962 5104 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:53:01.0966 5104 LanmanWorkstation - ok
17:53:02.0021 5104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:53:02.0022 5104 lltdio - ok
17:53:02.0083 5104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:53:02.0088 5104 lltdsvc - ok
17:53:02.0128 5104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:53:02.0130 5104 lmhosts - ok
17:53:02.0178 5104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:53:02.0179 5104 LSI_FC - ok
17:53:02.0229 5104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:53:02.0230 5104 LSI_SAS - ok
17:53:02.0252 5104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:53:02.0253 5104 LSI_SAS2 - ok
17:53:02.0281 5104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:53:02.0283 5104 LSI_SCSI - ok
17:53:02.0319 5104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:53:02.0320 5104 luafv - ok
17:53:02.0373 5104 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:53:02.0375 5104 Mcx2Svc - ok
17:53:02.0404 5104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:53:02.0405 5104 megasas - ok
17:53:02.0580 5104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:53:02.0601 5104 MegaSR - ok
17:53:02.0716 5104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:53:02.0718 5104 MMCSS - ok
17:53:02.0791 5104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:53:02.0793 5104 Modem - ok
17:53:02.0848 5104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:53:02.0849 5104 monitor - ok
17:53:02.0876 5104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:53:02.0877 5104 mouclass - ok
17:53:02.0904 5104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:53:02.0904 5104 mouhid - ok
17:53:02.0935 5104 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:53:02.0937 5104 mountmgr - ok
17:53:03.0092 5104 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:53:03.0093 5104 MozillaMaintenance - ok
17:53:03.0177 5104 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:53:03.0178 5104 mpio - ok
17:53:03.0208 5104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:53:03.0209 5104 mpsdrv - ok
17:53:03.0318 5104 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
17:53:03.0320 5104 MQAC - ok
17:53:03.0402 5104 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:53:03.0404 5104 MRxDAV - ok
17:53:03.0482 5104 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:53:03.0484 5104 mrxsmb - ok
17:53:03.0553 5104 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:53:03.0557 5104 mrxsmb10 - ok
17:53:03.0578 5104 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:53:03.0580 5104 mrxsmb20 - ok
17:53:03.0628 5104 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:53:03.0629 5104 msahci - ok
17:53:03.0705 5104 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:53:03.0707 5104 msdsm - ok
17:53:03.0760 5104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:53:03.0763 5104 MSDTC - ok
17:53:03.0816 5104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:53:03.0817 5104 Msfs - ok
17:53:03.0846 5104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:53:03.0847 5104 mshidkmdf - ok
17:53:03.0859 5104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:53:03.0859 5104 msisadrv - ok
17:53:03.0943 5104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:53:03.0946 5104 MSiSCSI - ok
17:53:03.0952 5104 msiserver - ok
17:53:04.0022 5104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:53:04.0023 5104 MSKSSRV - ok
17:53:04.0125 5104 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
17:53:04.0127 5104 MSMQ - ok
17:53:04.0175 5104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:53:04.0176 5104 MSPCLOCK - ok
17:53:04.0247 5104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:53:04.0248 5104 MSPQM - ok
17:53:04.0306 5104 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:53:04.0311 5104 MsRPC - ok
17:53:04.0356 5104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:53:04.0357 5104 mssmbios - ok
17:53:04.0454 5104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:53:04.0455 5104 MSTEE - ok
17:53:04.0480 5104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:53:04.0480 5104 MTConfig - ok
17:53:04.0498 5104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:53:04.0500 5104 Mup - ok
17:53:04.0560 5104 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:53:04.0566 5104 napagent - ok
17:53:04.0627 5104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:53:04.0630 5104 NativeWifiP - ok
17:53:04.0714 5104 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:53:04.0739 5104 NDIS - ok
17:53:04.0801 5104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:53:04.0802 5104 NdisCap - ok
17:53:04.0860 5104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:53:04.0860 5104 NdisTapi - ok
17:53:04.0948 5104 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:53:04.0949 5104 Ndisuio - ok
17:53:05.0032 5104 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:53:05.0033 5104 NdisWan - ok
17:53:05.0079 5104 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:53:05.0080 5104 NDProxy - ok
17:53:05.0179 5104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:53:05.0180 5104 NetBIOS - ok
17:53:05.0194 5104 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:53:05.0197 5104 NetBT - ok
17:53:05.0211 5104 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:53:05.0212 5104 Netlogon - ok
17:53:05.0264 5104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:53:05.0270 5104 Netman - ok
17:53:05.0294 5104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:53:05.0299 5104 netprofm - ok
17:53:05.0335 5104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:53:05.0347 5104 NetTcpPortSharing - ok
17:53:05.0728 5104 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:53:05.0853 5104 netw5v64 - ok
17:53:05.0909 5104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:53:05.0910 5104 nfrd960 - ok
17:53:06.0072 5104 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:53:06.0076 5104 NlaSvc - ok
17:53:06.0100 5104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:53:06.0101 5104 Npfs - ok
17:53:06.0157 5104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:53:06.0159 5104 nsi - ok
17:53:06.0236 5104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:53:06.0237 5104 nsiproxy - ok
17:53:06.0674 5104 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:53:06.0919 5104 Ntfs - ok
17:53:06.0978 5104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:53:06.0979 5104 Null - ok
17:53:07.0156 5104 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:53:07.0162 5104 NVHDA - ok
17:53:08.0407 5104 [ AA043614B7F65EAF7FA83068286D5981 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:53:08.0515 5104 nvlddmkm - ok
17:53:08.0596 5104 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:53:08.0599 5104 nvraid - ok
17:53:08.0666 5104 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:53:08.0668 5104 nvstor - ok
17:53:09.0184 5104 [ D0A5ADF4CD902C06ACD651D2FB2A85A9 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:53:09.0203 5104 nvsvc - ok
17:53:09.0867 5104 [ 03FAC29EED869029D5B000805DE2DE57 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:53:09.0919 5104 nvUpdatusService - ok
17:53:09.0988 5104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:53:09.0990 5104 nv_agp - ok
17:53:10.0043 5104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:53:10.0044 5104 ohci1394 - ok
17:53:10.0172 5104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:53:10.0177 5104 p2pimsvc - ok
17:53:10.0373 5104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:53:10.0380 5104 p2psvc - ok
17:53:10.0444 5104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:53:10.0445 5104 Parport - ok
17:53:10.0503 5104 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:53:10.0504 5104 partmgr - ok
17:53:10.0577 5104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:53:10.0580 5104 PcaSvc - ok
17:53:10.0628 5104 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:53:10.0630 5104 pci - ok
17:53:10.0689 5104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:53:10.0690 5104 pciide - ok
17:53:10.0833 5104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:53:10.0835 5104 pcmcia - ok
17:53:10.0895 5104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:53:10.0896 5104 pcw - ok
17:53:10.0964 5104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:53:10.0971 5104 PEAUTH - ok
17:53:13.0590 5104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:53:13.0592 5104 PerfHost - ok
17:53:13.0978 5104 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:53:13.0994 5104 pla - ok
17:53:14.0172 5104 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:53:14.0178 5104 PlugPlay - ok
17:53:14.0206 5104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:53:14.0209 5104 PNRPAutoReg - ok
17:53:14.0305 5104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:53:14.0309 5104 PNRPsvc - ok
17:53:14.0460 5104 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:53:14.0465 5104 PolicyAgent - ok
17:53:14.0563 5104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:53:14.0566 5104 Power - ok
17:53:14.0652 5104 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:53:14.0653 5104 PptpMiniport - ok
17:53:14.0719 5104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:53:14.0720 5104 Processor - ok
17:53:14.0822 5104 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:53:14.0825 5104 ProfSvc - ok
17:53:14.0854 5104 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:53:14.0856 5104 ProtectedStorage - ok
17:53:14.0988 5104 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:53:14.0990 5104 Psched - ok
17:53:15.0385 5104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:53:15.0401 5104 ql2300 - ok
17:53:15.0426 5104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:53:15.0427 5104 ql40xx - ok
17:53:15.0497 5104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:53:15.0502 5104 QWAVE - ok
17:53:15.0532 5104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:53:15.0533 5104 QWAVEdrv - ok
17:53:15.0592 5104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:53:15.0593 5104 RasAcd - ok
17:53:15.0703 5104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:53:15.0704 5104 RasAgileVpn - ok
17:53:15.0755 5104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:53:15.0758 5104 RasAuto - ok
17:53:15.0831 5104 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:53:15.0832 5104 Rasl2tp - ok
17:53:15.0974 5104 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:53:15.0980 5104 RasMan - ok
17:53:16.0028 5104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:53:16.0029 5104 RasPppoe - ok
17:53:16.0096 5104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:53:16.0097 5104 RasSstp - ok
17:53:16.0218 5104 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:53:16.0231 5104 rdbss - ok
17:53:16.0280 5104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:53:16.0281 5104 rdpbus - ok
17:53:16.0316 5104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:53:16.0317 5104 RDPCDD - ok
17:53:16.0402 5104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:53:16.0403 5104 RDPENCDD - ok
17:53:16.0431 5104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:53:16.0432 5104 RDPREFMP - ok
17:53:16.0521 5104 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:53:16.0524 5104 RDPWD - ok
17:53:16.0604 5104 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:53:16.0607 5104 rdyboost - ok
17:53:16.0736 5104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:53:16.0739 5104 RemoteAccess - ok
17:53:16.0839 5104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:53:16.0842 5104 RemoteRegistry - ok
17:53:16.0892 5104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:53:16.0894 5104 RpcEptMapper - ok
17:53:16.0953 5104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:53:16.0954 5104 RpcLocator - ok
17:53:17.0081 5104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:53:17.0087 5104 RpcSs - ok
17:53:17.0155 5104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:53:17.0156 5104 rspndr - ok
17:53:17.0176 5104 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:53:17.0178 5104 SamSs - ok
17:53:17.0224 5104 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:53:17.0226 5104 sbp2port - ok
17:53:17.0317 5104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:53:17.0320 5104 SCardSvr - ok
17:53:17.0464 5104 [ BB19E8CDFE4DADE1DDD5825289854E86 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:53:17.0466 5104 SCDEmu - ok
17:53:17.0512 5104 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:53:17.0513 5104 scfilter - ok
17:53:17.0828 5104 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:53:17.0840 5104 Schedule - ok
17:53:17.0885 5104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:53:17.0886 5104 SCPolicySvc - ok
17:53:17.0991 5104 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:53:17.0994 5104 SDRSVC - ok
17:53:18.0091 5104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:53:18.0091 5104 secdrv - ok
17:53:18.0147 5104 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:53:18.0150 5104 seclogon - ok
17:53:18.0211 5104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:53:18.0213 5104 SENS - ok
17:53:18.0274 5104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:53:18.0276 5104 SensrSvc - ok
17:53:18.0346 5104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:53:18.0347 5104 Serenum - ok
17:53:18.0442 5104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:53:18.0444 5104 Serial - ok
17:53:18.0512 5104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:53:18.0513 5104 sermouse - ok
17:53:18.0582 5104 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:53:18.0585 5104 SessionEnv - ok
17:53:18.0767 5104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:53:18.0768 5104 sffdisk - ok
17:53:18.0845 5104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:53:18.0845 5104 sffp_mmc - ok
17:53:18.0910 5104 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:53:18.0911 5104 sffp_sd - ok
17:53:18.0937 5104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:53:18.0937 5104 sfloppy - ok
17:53:18.0988 5104 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:53:18.0993 5104 ShellHWDetection - ok
17:53:19.0027 5104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:53:19.0028 5104 SiSRaid2 - ok
17:53:19.0105 5104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:53:19.0106 5104 SiSRaid4 - ok
17:53:19.0231 5104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:53:19.0232 5104 Smb - ok
17:53:19.0364 5104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:53:19.0366 5104 SNMPTRAP - ok
17:53:19.0430 5104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:53:19.0432 5104 spldr - ok
17:53:19.0536 5104 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:53:19.0542 5104 Spooler - ok
17:53:19.0739 5104 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:53:19.0824 5104 sppsvc - ok
17:53:19.0895 5104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:53:19.0898 5104 sppuinotify - ok
17:53:19.0945 5104 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:53:19.0951 5104 srv - ok
17:53:20.0009 5104 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:53:20.0013 5104 srv2 - ok
17:53:20.0072 5104 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:53:20.0074 5104 srvnet - ok
17:53:20.0178 5104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:53:20.0183 5104 SSDPSRV - ok
17:53:20.0249 5104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:53:20.0252 5104 SstpSvc - ok
17:53:20.0326 5104 Steam Client Service - ok
17:53:20.0365 5104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:53:20.0366 5104 stexstor - ok
17:53:20.0485 5104 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:53:20.0493 5104 stisvc - ok
17:53:20.0567 5104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:53:20.0568 5104 swenum - ok
17:53:20.0691 5104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:53:20.0699 5104 swprv - ok
17:53:20.0803 5104 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:53:20.0834 5104 SysMain - ok
17:53:20.0870 5104 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:53:20.0873 5104 TabletInputService - ok
17:53:20.0943 5104 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:53:20.0962 5104 TapiSrv - ok
17:53:20.0991 5104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:53:20.0995 5104 TBS - ok
17:53:21.0112 5104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:53:21.0179 5104 Tcpip - ok
17:53:21.0279 5104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:53:21.0292 5104 TCPIP6 - ok
17:53:21.0343 5104 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:53:21.0344 5104 tcpipreg - ok
17:53:21.0464 5104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:53:21.0465 5104 TDPIPE - ok
17:53:21.0526 5104 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:53:21.0527 5104 TDTCP - ok
17:53:21.0585 5104 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:53:21.0587 5104 tdx - ok
17:53:21.0651 5104 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:53:21.0652 5104 TermDD - ok
17:53:21.0756 5104 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:53:21.0764 5104 TermService - ok
17:53:21.0811 5104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:53:21.0814 5104 Themes - ok
17:53:21.0828 5104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:53:21.0830 5104 THREADORDER - ok
17:53:21.0875 5104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:53:21.0878 5104 TrkWks - ok
17:53:22.0015 5104 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:53:22.0017 5104 TrustedInstaller - ok
17:53:22.0053 5104 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:53:22.0054 5104 tssecsrv - ok
17:53:22.0161 5104 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:53:22.0162 5104 TsUsbFlt - ok
17:53:22.0193 5104 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:53:22.0194 5104 TsUsbGD - ok
17:53:22.0354 5104 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:53:22.0356 5104 tunnel - ok
17:53:22.0393 5104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:53:22.0394 5104 uagp35 - ok
17:53:22.0489 5104 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:53:22.0493 5104 udfs - ok
17:53:22.0545 5104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:53:22.0548 5104 UI0Detect - ok
17:53:22.0603 5104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:53:22.0604 5104 uliagpkx - ok
17:53:22.0733 5104 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:53:22.0734 5104 umbus - ok
17:53:22.0759 5104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:53:22.0760 5104 UmPass - ok
17:53:22.0809 5104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:53:22.0814 5104 upnphost - ok
17:53:22.0867 5104 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:53:22.0867 5104 USBAAPL64 - ok
17:53:22.0988 5104 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:53:22.0989 5104 usbaudio - ok
17:53:23.0060 5104 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:53:23.0061 5104 usbccgp - ok
17:53:23.0139 5104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:53:23.0140 5104 usbcir - ok
17:53:23.0171 5104 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:53:23.0172 5104 usbehci - ok
17:53:23.0314 5104 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:53:23.0318 5104 usbhub - ok
17:53:23.0368 5104 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:53:23.0368 5104 usbohci - ok
17:53:23.0424 5104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:53:23.0425 5104 usbprint - ok
17:53:23.0485 5104 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:53:23.0486 5104 usbscan - ok
17:53:23.0549 5104 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:53:23.0550 5104 USBSTOR - ok
17:53:23.0607 5104 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:53:23.0608 5104 usbuhci - ok
17:53:23.0725 5104 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:53:23.0727 5104 usbvideo - ok
17:53:23.0768 5104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:53:23.0771 5104 UxSms - ok
17:53:23.0788 5104 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:53:23.0790 5104 VaultSvc - ok
17:53:23.0837 5104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:53:23.0838 5104 vdrvroot - ok
17:53:23.0890 5104 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:53:23.0898 5104 vds - ok
17:53:24.0047 5104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:53:24.0048 5104 vga - ok
17:53:24.0117 5104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:53:24.0118 5104 VgaSave - ok
17:53:24.0179 5104 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:53:24.0180 5104 vhdmp - ok
17:53:24.0270 5104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:53:24.0272 5104 viaide - ok
17:53:24.0303 5104 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:53:24.0304 5104 volmgr - ok
17:53:24.0325 5104 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:53:24.0333 5104 volmgrx - ok
17:53:24.0351 5104 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:53:24.0355 5104 volsnap - ok
17:53:24.0391 5104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:53:24.0393 5104 vsmraid - ok
17:53:24.0662 5104 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:53:24.0720 5104 VSS - ok
17:53:25.0089 5104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:53:25.0090 5104 vwifibus - ok
17:53:25.0204 5104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:53:25.0210 5104 W32Time - ok
17:53:25.0276 5104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:53:25.0277 5104 WacomPen - ok
17:53:25.0375 5104 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:53:25.0376 5104 WANARP - ok
17:53:25.0380 5104 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:53:25.0382 5104 Wanarpv6 - ok
17:53:25.0445 5104 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:53:25.0462 5104 wbengine - ok
17:53:25.0529 5104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:53:25.0533 5104 WbioSrvc - ok
17:53:25.0631 5104 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:53:25.0638 5104 wcncsvc - ok
17:53:25.0678 5104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:53:25.0681 5104 WcsPlugInService - ok
17:53:25.0743 5104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:53:25.0743 5104 Wd - ok
17:53:25.0818 5104 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:53:25.0825 5104 Wdf01000 - ok
17:53:25.0872 5104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:53:25.0875 5104 WdiServiceHost - ok
17:53:25.0881 5104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:53:25.0884 5104 WdiSystemHost - ok
17:53:25.0905 5104 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:53:25.0909 5104 WebClient - ok
17:53:25.0965 5104 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:53:25.0970 5104 Wecsvc - ok
17:53:26.0022 5104 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:53:26.0025 5104 wercplsupport - ok
17:53:26.0084 5104 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:53:26.0087 5104 WerSvc - ok
17:53:26.0156 5104 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:53:26.0157 5104 WfpLwf - ok
17:53:26.0176 5104 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:53:26.0177 5104 WIMMount - ok
17:53:26.0185 5104 WinHttpAutoProxySvc - ok
17:53:26.0442 5104 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:53:26.0444 5104 Winmgmt - ok
17:53:26.0717 5104 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:53:26.0787 5104 WinRM - ok
17:53:27.0044 5104 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:53:27.0045 5104 WinUsb - ok
17:53:27.0458 5104 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:53:27.0524 5104 Wlansvc - ok
17:53:28.0464 5104 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:53:28.0526 5104 wlidsvc - ok
17:53:28.0748 5104 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
17:53:28.0749 5104 WmBEnum - ok
17:53:28.0933 5104 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
17:53:28.0934 5104 WmFilter - ok
17:53:29.0098 5104 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
17:53:29.0098 5104 WmHidLo - ok
17:53:29.0208 5104 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:53:29.0208 5104 WmiAcpi - ok
17:53:29.0401 5104 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:53:29.0478 5104 wmiApSrv - ok
17:53:29.0674 5104 WMPNetworkSvc - ok
17:53:29.0757 5104 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
17:53:29.0758 5104 WmVirHid - ok
17:53:29.0835 5104 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
17:53:29.0837 5104 WmXlCore - ok
17:53:29.0904 5104 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:53:29.0907 5104 WPCSvc - ok
17:53:29.0946 5104 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:53:29.0950 5104 WPDBusEnum - ok
17:53:30.0032 5104 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:53:30.0033 5104 ws2ifsl - ok
17:53:30.0041 5104 WSearch - ok
17:53:30.0071 5104 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:53:30.0073 5104 WudfPf - ok
17:53:30.0228 5104 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:53:30.0230 5104 WUDFRd - ok
17:53:30.0355 5104 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:53:30.0358 5104 wudfsvc - ok
17:53:30.0541 5104 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:53:30.0545 5104 WwanSvc - ok
17:53:30.0552 5104 ================ Scan global ===============================
17:53:30.0627 5104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:53:30.0773 5104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:53:30.0792 5104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:53:31.0086 5104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:53:31.0210 5104 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:53:31.0215 5104 [Global] - ok
17:53:31.0216 5104 ================ Scan MBR ==================================
17:53:31.0378 5104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:53:34.0630 5104 \Device\Harddisk0\DR0 - ok
17:53:34.0631 5104 ================ Scan VBR ==================================
17:53:34.0659 5104 [ 4133A627BC8C5C91B5A80AA5554E633C ] \Device\Harddisk0\DR0\Partition1
17:53:34.0662 5104 \Device\Harddisk0\DR0\Partition1 - ok
17:53:34.0698 5104 [ 9F1F1C6B779179BCF9E65FAA94603F37 ] \Device\Harddisk0\DR0\Partition2
17:53:34.0735 5104 \Device\Harddisk0\DR0\Partition2 - ok
17:53:34.0735 5104 ============================================================
17:53:34.0735 5104 Scan finished
17:53:34.0735 5104 ============================================================
17:53:34.0751 4228 Detected object count: 0
17:53:34.0751 4228 Actual detected object count: 0

Die anderen beiden Scans sind in arbeit. Werden gleich gepostet.
Ich darf während der Scans doch im Internet sein, oder?

Das Programm "OTL.exe" funktioniert bei mir nicht: Nach ca 30sek scannen (ich entferne mich während des Scans vom PC, klicke auch nix) kommt "Keine Rückmeldung".

Also........








Hier das Ergebniss vom aswMBR.exe:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-08 17:49:58
-----------------------------
17:49:58.142 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:58.142 Number of processors: 2 586 0x170A
17:49:58.149 ComputerName: JONAS-PC UserName: Jonas
17:50:00.411 Initialize success
17:51:23.469 AVAST engine defs: 12100800
17:51:40.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:51:40.592 Disk 0 Vendor: WDC_WD6400BEVT-22A0RT0 01.01A01 Size: 610480MB BusType: 11
17:51:40.603 Disk 0 MBR read successfully
17:51:40.606 Disk 0 MBR scan
17:51:40.627 Disk 0 Windows 7 default MBR code
17:51:40.646 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
17:51:40.675 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 24578048
17:51:40.694 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100 MB offset 31918080
17:51:40.708 Disk 0 Partition - 00 0F Extended LBA 594795 MB offset 32122880
17:51:40.755 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 261934 MB offset 32124928
17:51:40.769 Disk 0 Partition - 00 05 Extended 2050 MB offset 568567408
17:51:40.827 Disk 0 Partition 5 00 82 Linux swap 2050 MB offset 568567808
17:51:40.836 Disk 0 Partition - 00 05 Extended 20481 MB offset 1109210736
17:51:40.926 Disk 0 Partition 6 00 83 Linux 20480 MB offset 572768256
17:51:40.945 Disk 0 Partition - 00 05 Extended 310318 MB offset 1155354624
17:51:41.011 Disk 0 Partition 7 00 83 Linux 310317 MB offset 614713344
17:51:41.122 Disk 0 scanning C:\Windows\system32\drivers
17:52:12.285 Service scanning
17:53:05.459 Modules scanning
17:53:05.469 Disk 0 trace - called modules:
17:53:05.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:53:05.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c76060]
17:53:05.506 3 CLASSPNP.SYS[fffff8800186343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004741060]
17:53:19.651 AVAST engine scan C:\Windows
17:53:38.264 AVAST engine scan C:\Windows\system32
17:58:44.905 AVAST engine scan C:\Windows\system32\drivers
17:59:01.615 AVAST engine scan C:\Users\Jonas
18:08:39.464 AVAST engine scan C:\ProgramData
18:10:22.276 Scan finished successfully
18:28:20.421 Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"
18:28:20.435 The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"

Psychotic 08.10.2012 18:02
Lass OTL mal weg - mach folgendes:

Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.scr dds.pif
  • Schließe alle laufenden Programme.
  • Starte DDS mit Doppelklick.
  • Es wird 2 Logfiles erstellen.
    • dds.txt
    • attach.txt
  • Speichere beide Logfiles auf deinem Desktop
  • Poste beide Logfiles hier.

F4c3d0wn 08.10.2012 18:25
Wie ist es eigentlich zu handhaben, dass ich mich ja mit meinem Passwort hier anmelden muss und der Verbreiter meines Trojaners/Virus, was auch immer, das Passwort dieser Seite ja hier weiß?

Außerdem:
Hier das DDS.txt :

.DDS Logfile:
DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.7.2
Run by Jonas at 19:20:33 on 2012-10-08
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2480 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mqsvc.exe
C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://search.chatzum.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: loadtbs: {dfefcdee-cf1a-4fc8-88ad-129872198372} - C:\Users\Jonas\AppData\Roaming\loadtbs\toolbar.dll
TB: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Jonas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Jonas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\tbhcn.lnk - C:\Users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30D53C6F-7AE8-4C70-AD89-77F453161D87} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
{00cbb66b-1d3b-46d3-9577-323a336acb50}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{963B125B-8B21-49A2-A3A8-E37092276531}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
TB-X64: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
{99079a25-328f-4bd4-be04-00955acaa0a7}
{D4027C7F-154A-4066-A1AD-4243D8127440}
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Standard)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
AppInit_DLLs-X64: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
user_pref(browser.newtab.url, search.chatzum.com);FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5afdc74600000000000000262d631707&q=
FF - user.js: extensions.BabylonToolbar.id - 5afdc74600000000000000262d631707
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15616
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:17:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-7 84256]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-7 108320]
R2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-10-7 554784]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-3 2201112]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-8-27 2253120]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-28 114144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-07 20:05:09        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Avira
2012-10-07 19:59:23        --------        d-----w-        C:\Program Files (x86)\Ask.com
2012-10-07 19:59:05        99248        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys
2012-10-07 19:59:05        27800        ----a-w-        C:\Windows\System32\drivers\avkmgr.sys
2012-10-07 19:59:04        --------        d-----w-        C:\ProgramData\Avira
2012-10-07 19:59:04        --------        d-----w-        C:\Program Files (x86)\Avira
2012-10-06 19:42:28        --------        d-----w-        C:\Users\Jonas\AppData\Local\Logitech
2012-10-06 19:27:49        --------        d-----w-        C:\Program Files\Common Files\Logitech
2012-10-06 18:09:14        --------        d-----w-        C:\Users\Jonas\AppData\Local\Bus Simulator 2012
2012-10-06 17:58:21        --------        d-----w-        C:\Program Files (x86)\astragon
2012-10-06 14:01:02        --------        d-----w-        C:\ProgramData\boost_interprocess
2012-10-06 14:00:53        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\FreeVideoConverter
2012-10-06 14:00:51        --------        d-----w-        C:\Program Files (x86)\Free Video Converter
2012-10-06 11:57:48        --------        d-----w-        C:\NDSCreator
2012-10-05 12:25:52        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Unity
2012-10-05 12:23:33        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\PACE Anti-Piracy
2012-10-05 12:23:33        --------        d-----w-        C:\Users\Jonas\AppData\Local\PACE Anti-Piracy
2012-10-05 12:23:33        --------        d-----w-        C:\ProgramData\PACE Anti-Piracy
2012-10-05 12:23:32        --------        d-----w-        C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2012-10-05 12:21:14        --------        d-----w-        C:\Users\Jonas\AppData\Local\Unity
2012-10-05 12:15:32        --------        d-----w-        C:\Program Files (x86)\Unity
2012-10-04 17:54:09        --------        d-----w-        C:\Users\Jonas\AppData\Local\GameMaker8.1
2012-10-04 17:53:57        --------        d-----w-        C:\Users\Jonas\AppData\Local\YoYo_Games_Ltd
2012-10-04 17:40:18        --------        d-----w-        C:\Program Files (x86)\ChatZum Toolbar
2012-10-04 17:39:53        --------        d-----w-        C:\Users\Jonas\GameMaker 8.1
2012-10-04 17:39:53        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\GameMaker
2012-10-04 15:56:07        --------        d-sh--w-        C:\Windows\SysWow64\%APPDATA%
2012-10-04 15:44:28        --------        d-----w-        C:\devkitPro
2012-10-04 15:13:45        560128        ----a-w-        C:\Windows\SysWow64\ScintillaNet.dll
2012-10-04 15:13:45        560128        ----a-w-        C:\Windows\ScintillaNet.dll
2012-10-04 15:13:45        408576        ----a-w-        C:\Windows\SysWow64\SciLexer.dll
2012-10-04 15:13:45        408576        ----a-w-        C:\Windows\SciLexer.dll
2012-10-04 15:13:26        --------        d-----w-        C:\Program Files (x86)\DS Game Maker
2012-10-04 15:11:14        --------        d-----w-        C:\Users\Jonas\AppData\Local\Babylon
2012-10-04 12:23:04        --------        d-----w-        C:\Users\Jonas\AppData\Local\European Bus Simulator 2012
2012-10-03 18:40:25        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Sinvise Systems
2012-10-03 18:40:25        --------        d-----w-        C:\Program Files (x86)\Sinvise Systems
2012-10-03 14:19:46        --------        d-----w-        C:\Users\Jonas\AppData\Local\DownTango
2012-10-03 14:19:36        --------        d-----w-        C:\Program Files (x86)\Red Sky
2012-10-03 14:17:15        --------        d-----w-        C:\ProgramData\Browser Manager
2012-10-03 14:15:44        --------        d-----w-        C:\ProgramData\Tarma Installer
2012-10-03 13:13:11        --------        d-----w-        C:\Program Files (x86)\N3V Games
2012-10-03 13:13:59        --------        d-----w-        C:\Program Files (x86)\N3V Games
2012-10-02 18:01:03        --------        d-----w-        C:\Users\Jonas\AppData\Local\{08B1FC16-6D7A-4844-89E5-ECE7A180CE56}
2012-10-02 16:36:02        9308616        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2FFD5F8-B247-4BC3-A2AB-24C0D5D7332E}\mpengine.dll
2012-10-01 16:50:44        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Fighters
2012-10-01 16:50:06        --------        d-----w-        C:\ProgramData\Fighters
2012-10-01 16:50:06        --------        d-----w-        C:\ProgramData\Fighters
2012-10-01 16:50:06        --------        d-----w-        C:\ProgramData\Fighters
2012-10-01 16:50:06        --------        d-----w-        C:\ProgramData\Fighters
2012-10-01 15:06:09        --------        d-----w-        C:\Users\Jonas\AppData\Local\{1198A11C-6516-48AF-A8F6-46ED37D18BC9}
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 14:22:14        159744        ----a-w-        C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 07:53:48        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Satmap
2012-09-30 07:52:50        --------        d-----w-        C:\Users\Jonas\AppData\Local\Satmap_Systems_Ltd
2012-09-29 12:19:42        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\SF Software
2012-09-29 12:19:42        --------        d-----w-        C:\Users\Jonas\AppData\Local\SF
2012-09-29 12:10:30        --------        d-----w-        C:\ProgramData\SF
2012-09-29 11:57:42        --------        d-----w-        C:\Program Files (x86)\Sigel
2012-09-26 13:55:53        33240        ----a-w-        C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-26 13:54:01        --------        d-----w-        C:\Program Files\iPod
2012-09-26 13:53:58        --------        d-----w-        C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 13:53:58        --------        d-----w-        C:\Program Files\iTunes
2012-09-26 13:53:58        --------        d-----w-        C:\Program Files (x86)\iTunes
2012-09-26 13:38:08        245760        ----a-w-        C:\Windows\System32\OxpsConverter.exe
2012-09-20 16:32:46        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\PDAppFlex
2012-09-18 19:00:34        15112        ----a-w-        C:\Users\Jonas\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-09-18 18:58:06        --------        d-----w-        C:\ProgramData\Synetic
2012-09-18 18:58:01        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\ProtectDISC
2012-09-18 18:56:34        --------        d--h--w-        C:\Windows\msdownld.tmp
2012-09-18 18:56:28        --------        d-----w-        C:\Windows\SysWow64\directx
2012-09-17 11:48:26        95208        ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 20:26:27        --------        d-----w-        C:\Users\Jonas\AppData\Local\fontconfig
2012-09-15 20:26:25        --------        d-----w-        C:\Users\Jonas\AppData\Local\gegl-0.2
2012-09-15 20:26:25        --------        d-----w-        C:\Users\Jonas\.gimp-2.8
2012-09-15 20:25:14        --------        d-----w-        C:\Program Files\GIMP 2
2012-09-15 09:26:00        --------        d-----w-        C:\Users\Jonas\AppData\Local\{648658F6-667E-419B-BEDA-8F16A2F92A31}
2012-09-14 15:07:13        283200        ----a-w-        C:\Windows\System32\drivers\dtsoftbus01.sys
2012-09-14 11:38:14        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\Steganos
2012-09-12 15:59:09        --------        d-----w-        C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09        --------        d-----w-        C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09        --------        d-----w-        C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09        --------        d-----w-        C:\Program Files (x86)\FIFA 12
2012-09-12 15:17:54        --------        d-----w-        C:\Users\Jonas\AppData\Local\CrashRpt
2012-09-12 14:01:50        950128        ----a-w-        C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:01:50        41472        ----a-w-        C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:01:49        574464        ----a-w-        C:\Windows\System32\d3d10level9.dll
2012-09-12 14:01:49        490496        ----a-w-        C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:01:48        376688        ----a-w-        C:\Windows\System32\drivers\netio.sys
2012-09-12 14:01:48        288624        ----a-w-        C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:01:48        1913200        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2012-09-11 16:30:33        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\convert
2012-09-11 16:30:29        --------        d-----w-        C:\Users\Jonas\AppData\Roaming\loadtbs
2012-09-11 14:06:53        --------        d-----w-        C:\Program Files (x86)\pazera-software
2012-09-10 18:48:13        --------        d-----w-        C:\Users\Jonas\AppData\Local\Downloaded Installations
2012-09-10 18:07:35        --------        d-----w-        C:\Users\Jonas\AppData\Local\{7468D293-9D03-4BEC-8C37-56DE9E712827}
2012-09-09 17:32:45        980376        ----a-w-        C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\main.dll
2012-09-09 17:32:45        1470872        ----a-w-        C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsui.dll
2012-09-09 17:32:45        1364376        ----a-w-        C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\api.dll
2012-09-09 17:29:08        --------        d-----w-        C:\Program Files (x86)\MSXML 4.0
2012-09-09 17:29:05        --------        d-----w-        C:\Program Files (x86)\Common Files\Microsoft Games
2012-09-09 17:00:57        --------        d-----w-        C:\Program Files (x86)\Microsoft Games
2012-09-09 17:00:57        --------        d-----w-        C:\Program Files (x86)\Microsoft Games
2012-09-09 17:00:57        --------        d-----w-        C:\Program Files (x86)\Microsoft Games
2012-09-09 16:51:25        --------        d--h--w-        C:\ProgramData\Common Files
2012-09-09 16:51:22        126944        ----a-w-        C:\Windows\System32\drivers\scdemu.sy
2012-09-09 14:06:53        --------        d-----w-        C:\Users\Jonas\AppData\Local\APN
.
==================== Find3M  ====================
.
2012-09-17 11:48:20        821736        ----a-w-        C:\Windows\SysWow64\npDeployJava1.dll
2012-09-17 11:48:20        746984        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2012-08-30 13:22:18        696520        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:22:17        73416        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 23:15:30        3782214        ----a-w-        C:\chatzum_nt.exe
2012-08-24 13:58:36        405152        ----a-w-        C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-24 10:31:32        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2012-08-24 10:20:11        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-08-21 11:01:20        125872        ----a-w-        C:\Windows\System32\GEARAspi64.dll
2012-08-21 11:01:20        106928        ----a-w-        C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 14:18:28        2297552        ----a-w-        C:\Windows\SysWow64\d3dx9_26.dll
2012-07-18 18:15:06        3148800        ----a-w-        C:\Windows\System32\win32k.sys
.
============= FINISH: 19:22:05,53 ===============
--- --- ---

--- --- ---







Nun das Attach.txt :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13/06/2012 17:50:01
System Uptime: 08/10/2012 18:01:26 (1 hours ago)
.
Motherboard: Acer | | JM70
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 250 GiB total, 43,012 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0,069 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: FingerPrinter Reader
Device ID: USB\VID_1C7A&PID_0801\00000000000006
Manufacturer:
Name: FingerPrinter Reader
PNP Device ID: USB\VID_1C7A&PID_0801\00000000000006
Service:
.
Class GUID:
Description:
Device ID: ACPI\WEC1040\4&891F657&0
Manufacturer:
Name:
PNP Device ID: ACPI\WEC1040\4&891F657&0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Deutsch
Apple Application Support
Apple Software Update
Ask Toolbar
Audacity 2.0
Audible Download Manager
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Browser Manager
BrowserCompanion
Bus-Simulator 2012
Camtasia Studio 7
CardRecovery 6.00
Cinema 4D version R12
devkitProUpdater 1.5.3
Die Sims™ 3
DVDStyler v2.2
E3MC - Windows Shutdown Timer v5.7 Full
FIFA 12 (c) EA version 1
Free Audio Converter version 5.0.14.627
Free DVD Video Burner version 3.2.2.706
Free Video Converter V 3.1
Free Video to MP3 Converter version 5.0.17.825
Free YouTube Download version 3.1.37.918
Free YouTube to MP3 Converter version 3.11.29.825
GameMaker 8.1
Google Chrome
Google Earth Plug-in
Google Update Helper
Heyer's Video-Cover 4
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
loadtbs-3.0
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 15.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0 (x86 de)
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
MTA:SA v1.3
NVIDIA PhysX
OpenOffice.org 3.4.1
Pazera Free MP4 to AVI Converter 1.6
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shutdown Timer
Steam
Unity
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Pro 11.0
Visitenkarten in 2 Minuten
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== End Of File ===========================

DANKE DAS DU MIR HILFST!!!!!!!!!!

Psychotic 08.10.2012 19:59
Ich helfe gerne! :)

Wegen dem Kennwort brauchst du dir keine Sorgen zu machen...


Schritt 1: Software deinstallieren

  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    Ask Toolbar
    Avira SearchFree Toolbar plus Web Protection Updater
  • Schließe das Fenster.



Schritt 2: Combofix


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

F4c3d0wn 08.10.2012 20:51
Also: Wegen Schritt 1: Der Updater von Avira habe ich deinstalliert.

Aber die Ask Toolbar ist mir vor einigen Tagen schonmal aufgefallen, aber nun finde ich sie WIRKLICH nicht in dem Fenster (Programme deinstallieren), ich habe mehreremale alles durchsucht.

Psychotic 09.10.2012 06:21
Wenn du sie nicht findest, mach weiter mit Schritt 2!

F4c3d0wn 09.10.2012 08:31
Habe Combofix.exe durchlaufen lassen, als erfertig war hat er sich selber neugestartet, eine Fehlermeldung oder etc. habe ich nicht bekommen.

Hier der Code:

[Code]
Combofix Logfile:
Code:
ComboFix 12-10-08.03 - Jonas 08/10/2012  21:58:29.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2381 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-08 bis 2012-10-08  ))))))))))))))))))))))))))))))
.
.
2012-10-08 20:39 . 2012-10-08 20:39        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 20:39 . 2012-10-08 20:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-07 20:05 . 2012-10-07 20:05        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Avira
2012-10-07 19:59 . 2012-09-24 07:58        27800        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-10-07 19:59 . 2012-09-13 13:52        99248        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-10-07 19:59 . 2012-09-13 13:52        129576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-10-07 19:59 . 2012-10-07 19:59        --------        d-----w-        c:\programdata\Avira
2012-10-07 19:59 . 2012-10-07 19:59        --------        d-----w-        c:\program files (x86)\Avira
2012-10-06 19:42 . 2012-10-06 19:42        --------        d-----w-        c:\users\Jonas\AppData\Local\Logitech
2012-10-06 19:27 . 2012-10-06 19:27        --------        d-----w-        c:\program files\Common Files\Logitech
2012-10-06 19:27 . 2012-10-06 19:27        --------        d-----w-        c:\program files\Logitech
2012-10-06 18:09 . 2012-10-06 18:09        --------        d-----w-        c:\users\Jonas\AppData\Local\Bus Simulator 2012
2012-10-06 17:58 . 2012-10-06 17:58        --------        d-----w-        c:\program files (x86)\astragon
2012-10-06 14:01 . 2012-10-07 06:18        --------        d-----w-        c:\programdata\boost_interprocess
2012-10-06 14:00 . 2012-10-06 14:01        --------        d-----w-        c:\users\Jonas\AppData\Roaming\FreeVideoConverter
2012-10-06 14:00 . 2012-10-06 14:00        --------        d-----w-        c:\program files (x86)\Free Video Converter
2012-10-06 11:57 . 2012-10-06 12:01        --------        d-----w-        C:\NDSCreator
2012-10-05 12:25 . 2012-10-05 12:31        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Unity
2012-10-05 12:23 . 2012-10-05 12:25        --------        d-----w-        c:\programdata\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:25        --------        d-----w-        c:\users\Jonas\AppData\Roaming\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23        --------        d-----w-        c:\users\Jonas\AppData\Local\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23        --------        d-----w-        c:\program files (x86)\Common Files\PACE Anti-Piracy
2012-10-05 12:21 . 2012-10-05 12:25        --------        d-----w-        c:\users\Jonas\AppData\Local\Unity
2012-10-05 12:15 . 2012-10-05 12:21        --------        d-----w-        c:\program files (x86)\Unity
2012-10-04 17:54 . 2012-10-04 17:54        --------        d-----w-        c:\users\Jonas\AppData\Local\GameMaker8.1
2012-10-04 17:53 . 2012-10-04 17:53        --------        d-----w-        c:\users\Jonas\AppData\Local\YoYo_Games_Ltd
2012-10-04 17:40 . 2012-10-06 06:41        --------        d-----w-        c:\program files (x86)\ChatZum Toolbar
2012-10-04 17:39 . 2012-10-04 18:10        --------        d-----w-        c:\users\Jonas\AppData\Roaming\GameMaker
2012-10-04 17:39 . 2012-10-04 17:39        --------        d-----w-        c:\users\Jonas\GameMaker 8.1
2012-10-04 15:56 . 2012-10-04 15:56        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-10-04 15:44 . 2012-10-05 12:04        --------        d-----w-        C:\devkitPro
2012-10-04 15:13 . 2010-08-24 18:39        560128        ----a-w-        c:\windows\SysWow64\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39        560128        ----a-w-        c:\windows\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39        408576        ----a-w-        c:\windows\SysWow64\SciLexer.dll
2012-10-04 15:13 . 2010-08-24 18:39        408576        ----a-w-        c:\windows\SciLexer.dll
2012-10-04 15:13 . 2012-10-05 11:56        --------        d-----w-        c:\program files (x86)\DS Game Maker
2012-10-04 15:11 . 2012-10-04 15:11        --------        d-----w-        c:\users\Jonas\AppData\Local\Babylon
2012-10-04 12:23 . 2012-10-04 12:23        --------        d-----w-        c:\users\Jonas\AppData\Local\European Bus Simulator 2012
2012-10-03 18:40 . 2012-10-03 18:40        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Sinvise Systems
2012-10-03 18:40 . 2012-10-03 18:40        --------        d-----w-        c:\program files (x86)\Sinvise Systems
2012-10-03 14:19 . 2012-10-03 14:19        --------        d-----w-        c:\users\Jonas\AppData\Local\DownTango
2012-10-03 14:19 . 2012-10-03 14:19        --------        d-----w-        c:\program files (x86)\Red Sky
2012-10-03 14:17 . 2012-10-03 14:17        --------        d-----w-        c:\programdata\Browser Manager
2012-10-03 14:15 . 2012-10-03 14:18        --------        d-----w-        c:\programdata\Tarma Installer
2012-10-03 13:13 . 2012-10-03 13:13        --------        d-----w-        c:\program files (x86)\N3V Games
2012-10-01 16:50 . 2012-10-01 16:50        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Fighters
2012-10-01 16:50 . 2012-10-01 16:50        --------        d-----w-        c:\programdata\Fighters
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 14:22 . 2012-10-01 14:22        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 07:53 . 2012-09-30 07:53        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Satmap
2012-09-30 07:52 . 2012-09-30 07:52        --------        d-----w-        c:\users\Jonas\AppData\Local\Satmap_Systems_Ltd
2012-09-29 12:19 . 2012-09-29 12:19        --------        d-----w-        c:\users\Jonas\AppData\Roaming\SF Software
2012-09-29 12:19 . 2012-09-29 12:19        --------        d-----w-        c:\users\Jonas\AppData\Local\SF
2012-09-29 12:10 . 2012-09-29 12:20        --------        d-----w-        c:\programdata\SF
2012-09-29 11:57 . 2012-09-29 11:57        --------        d-----w-        c:\program files (x86)\Sigel
2012-09-26 13:55 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-26 13:54 . 2012-09-26 13:54        --------        d-----w-        c:\program files\iPod
2012-09-26 13:53 . 2012-09-26 13:55        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 13:53 . 2012-09-26 13:55        --------        d-----w-        c:\program files\iTunes
2012-09-26 13:53 . 2012-09-26 13:55        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-26 13:38 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-20 16:32 . 2012-09-20 16:32        --------        d-----w-        c:\users\Jonas\AppData\Roaming\PDAppFlex
2012-09-20 14:05 . 2012-09-20 14:55        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2012-09-18 18:58 . 2012-09-18 18:58        --------        d-----w-        c:\programdata\Synetic
2012-09-18 18:58 . 2012-09-18 18:58        --------        d-----w-        c:\users\Jonas\AppData\Roaming\ProtectDISC
2012-09-18 18:56 . 2012-09-18 18:56        --------        d--h--w-        c:\windows\msdownld.tmp
2012-09-17 11:48 . 2012-09-17 11:48        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-17 11:48 . 2012-09-17 11:48        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 11:48 . 2012-09-17 11:48        --------        d-----w-        c:\program files (x86)\Java
2012-09-15 20:26 . 2012-09-15 20:26        --------        d-----w-        c:\users\Jonas\AppData\Local\fontconfig
2012-09-15 20:26 . 2012-09-22 12:55        --------        d-----w-        c:\users\Jonas\.gimp-2.8
2012-09-15 20:26 . 2012-09-15 20:26        --------        d-----w-        c:\users\Jonas\AppData\Local\gegl-0.2
2012-09-15 20:25 . 2012-09-15 20:26        --------        d-----w-        c:\program files\GIMP 2
2012-09-14 15:07 . 2012-09-14 15:07        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-14 11:38 . 2012-09-14 11:39        --------        d-----w-        c:\users\Jonas\AppData\Roaming\Steganos
2012-09-12 15:59 . 2012-09-12 16:06        --------        d-----w-        c:\program files (x86)\FIFA 12
2012-09-12 15:56 . 2012-09-12 15:56        --------        d-----w-        c:\users\Jonas\AppData\Roaming\PowerISO
2012-09-12 15:17 . 2012-09-12 15:17        --------        d-----w-        c:\users\Jonas\AppData\Local\CrashRpt
2012-09-12 14:01 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 14:01 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:01 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 14:01 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:01 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:01 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 14:01 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 16:30 . 2012-09-11 16:30        --------        d-----w-        c:\users\Jonas\AppData\Roaming\convert
2012-09-11 16:30 . 2012-09-11 16:30        --------        d-----w-        c:\users\Jonas\AppData\Roaming\loadtbs
2012-09-11 14:06 . 2012-09-11 14:06        --------        d-----w-        c:\program files (x86)\pazera-software
2012-09-10 18:48 . 2012-09-10 18:48        --------        d-----w-        c:\programdata\Pinnacle
2012-09-10 18:48 . 2012-09-10 18:48        --------        d-----w-        c:\users\Jonas\AppData\Local\Downloaded Installations
2012-09-09 17:29 . 2012-09-09 17:29        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2012-09-09 17:29 . 2012-09-09 17:29        --------        d-----w-        c:\program files (x86)\Common Files\Microsoft Games
2012-09-09 17:00 . 2012-09-09 17:00        --------        d-----w-        c:\program files (x86)\Microsoft Games
2012-09-09 16:58 . 2012-09-09 16:58        --------        d-----w-        c:\program files (x86)\Common Files\InstallShield
2012-09-09 16:51 . 2012-09-09 16:51        --------        d--h--w-        c:\programdata\Common Files
2012-09-09 16:51 . 2012-08-17 04:41        126944        ----a-w-        c:\windows\system32\drivers\scdemu.sys
2012-09-09 16:51 . 2012-09-09 16:52        --------        d-----w-        c:\program files (x86)\PowerISO
2012-09-09 14:06 . 2012-09-09 14:06        --------        d-----w-        c:\users\Jonas\AppData\Local\APN
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:42 . 2012-09-02 14:26        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 11:48 . 2012-06-23 18:50        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 11:48 . 2012-06-23 18:50        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-12 19:03 . 2012-06-23 20:03        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-08-30 13:22 . 2012-07-09 16:19        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:22 . 2012-07-09 16:19        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 07:27 . 2012-10-02 16:36        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2FFD5F8-B247-4BC3-A2AB-24C0D5D7332E}\mpengine.dll
2012-08-29 23:15 . 2012-08-29 23:15        3782214        ----a-w-        C:\chatzum_nt.exe
2012-08-24 13:58 . 2012-06-13 18:27        405152        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-21 11:01 . 2012-06-13 18:22        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-06-13 18:22        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-18 14:18 . 2012-08-18 14:18        2297552        ----a-w-        c:\windows\SysWow64\d3dx9_26.dll
2012-07-27 09:48 . 2011-03-28 16:36        19720        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-16 13:27        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Jonas\AppData\Roaming\loadtbs\toolbar.dll" [2012-08-03 616448]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-07 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
tbhcn.lnk - c:\users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-14 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-02 2201112]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 13:22]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000Core.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000UA.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
user_pref(browser.newtab.url, search.chatzum.com);FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL -  hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5afdc74600000000000000262d631707&q=
FF - user.js: extensions.BabylonToolbar.id - 5afdc74600000000000000262d631707
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15616
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:17
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Toolbar-10 - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"=hex:51,66,7a,6c,4c,1d,38,12,80,ce,fc,
  db,28,81,a6,0a,f7,bb,51,d8,77,47,c7,66
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
  ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{00CBB66B-1D3B-46D3-9577-323A336ACB50}"=hex:51,66,7a,6c,4c,1d,38,12,05,b5,d8,
  04,09,53,bd,03,ea,61,71,7a,36,34,8f,44
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
  72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28,
  92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
  ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,10,d4,ff,7d,9d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-08  22:50:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-08 20:50
.
Vor Suchlauf: 31 Verzeichnis(se), 47.028.129.792 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 46.743.916.544 Bytes frei
.
- - End Of File - - 62F9418D558859934DB76CA2170B7B34
--- --- ---


Ist der Trojaner/Virus damit weg, das Problem nun behoben, oder was haben die bisherigen Schritte gebracht?


Achja, und was ich anfangs vergessen hatte: Ich habe Windows 7 mit einem 64-Bit-Betriebsystem!

Nochmals RIESEN DANKESCHÖN, dass Du mir hilfst!!!

Psychotic 09.10.2012 08:54
sind noch Reste da...

Scan mit adwCleaner



Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

F4c3d0wn 09.10.2012 08:59
So das Ergebniss:

Code:
# AdwCleaner v2.004 - Datei am 09/10/2012 um 09:57:46 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jonas - JONAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\browsemngr.xml
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Jonas\AppData\Local\APN
Ordner Gefunden : C:\Users\Jonas\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Jonas\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Jonas\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\Jonas\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\BrowserCompanion
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\staged

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://isearch.babylon.com/?affID=112555&tt=031012_ccp_4012_6&babsrc=HP_ss&mntrId=5afdc74600000000000000262d631707

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("browser.newtab.url", "search.chatzum.com");user_pref("browser.search.selectedEngine", "As[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL",  "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v22.0.1229.92

Datei : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gefunden [l.13] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
Gefunden [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gefunden [l.47] : keyword = "ask.com",
Gefunden [l.50] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&q={searchTerms}",
Gefunden [l.51] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Gefunden [l.1386] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gefunden [l.1795] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]

*************************

AdwCleaner[R1].txt - [13218 octets] - [09/10/2012 09:57:46]

########## EOF - C:\AdwCleaner[R1].txt - [13279 octets] ##########
Noch eine Frage: Kann es sein, wenn ich später in einem halben Jahr mal Windows neu aufspielen sollte (auch wenn bei meinem Acer Aspire 7738G keine CD dabei war, nur ein Windows-Key unter dem Laptop, dann werde ich mir wohl von jemandem die CD leihen müssen), dass sich dann der Virus evtl. auch noch im BIOS festgesetzt hat?

Psychotic 09.10.2012 09:20
Schritt 1: Fix mit adwCleaner

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2: Neues OTL-Log


[*]Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"[*]Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output[*]Unter Extra Registry, wähle bitte Use SafeList[*]Klicke nun auf Run Scan links oben[*]Wenn der Scan beendet wurde werden 2 Logfiles erstellt[*]Poste die Logfiles hier in den Thread.[/list]

Keine Sorge!
Es gibt zwar Viren, die das BIOS angreifen, jedoch sind diese extrem selten.

F4c3d0wn 09.10.2012 09:32
Anscheinend hat der AWDCleaner versucht, meine Startseite in GoogleChrome zu endern (endlich, hatt ich auch schon lange vor), er ist aber irgendwie dabei gescheitert, habe nämlich eine Meldung bekommen und die Starteseite nun eigenhändig in "hxxp://www.google.de/" verändert.

Nun der Code vom ADWCleaner:

Code:

# AdwCleaner v2.004 - Datei am 09/10/2012 um 10:23:51 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jonas - JONAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\browsemngr.xml
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\APN
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Jonas\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Jonas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\staged

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\prefs.js

C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]
Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");user_pref("browser.search.selectedEngine", "As[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("keyword.URL",  "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v22.0.1229.92

Datei : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gelöscht [l.13] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
Gelöscht [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.47] : keyword = "ask.com",
Gelöscht [l.50] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&q={searchTerms}",
Gelöscht [l.51] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Gelöscht [l.1386] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gelöscht [l.1824] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]

*************************

AdwCleaner[R1].txt - [13327 octets] - [09/10/2012 09:57:46]
AdwCleaner[S1].txt - [12880 octets] - [09/10/2012 10:23:51]

########## EOF - C:\AdwCleaner[S1].txt - [12941 octets] ##########
BZW Diese Seite hier also der Beitrag ändert http immer in hxxp. Komisch!

So: Der 1. OTL.txt Bericht:

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 09/10/2012 10:33:58 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,60% Memory free
7,99 Gb Paging File | 6,07 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249,80 Gb Total Space | 43,35 Gb Free Space | 17,36% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,17 Mb Free Space | 70,17% Space Free | Partition Type: NTFS
Drive E: | 106,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\sqlite3.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\ch20UPD.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\libglesv2.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\libegl.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avutil-51.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avformat-54.dll ()
MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 C7 6B 3C 81 49 CD 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0F1D570E-5D58-4E0A-A6A7-7D86BB0D99F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/01 16:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/01 16:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/10/06 17:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jonas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
 
O1 HOSTS File: ([2012/10/08 22:42:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D53C6F-7AE8-4C70-AD89-77F453161D87}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 23:27:26 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/09 10:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2012/10/09 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/10/09 10:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/10/08 22:42:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/08 22:42:53 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/10/08 22:39:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/08 21:55:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/08 21:55:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/08 21:55:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/08 21:54:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/08 21:54:31 | 000,000,000 | ---D | C] -- \Qoobox
[2012/10/08 21:54:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/08 19:20:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\dds.com
[2012/10/08 17:52:06 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012/10/08 17:49:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012/10/08 17:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012/10/07 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/07 21:59:05 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/10/07 21:59:05 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/10/07 21:59:05 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/10/07 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/07 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/10/06 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Logitech
[2012/10/06 21:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/10/06 21:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/10/06 21:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/10/06 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Bus Simulator 2012
[2012/10/06 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Bus Simulator 2012
[2012/10/06 20:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
[2012/10/06 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\DeutschProjekt =.=
[2012/10/06 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2012/10/06 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2012/10/06 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter
[2012/10/06 13:57:48 | 000,000,000 | ---D | C] -- C:\NDSCreator
[2012/10/06 13:57:48 | 000,000,000 | ---D | C] -- \NDSCreator
[2012/10/05 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\PACE Anti-Piracy
[2012/10/05 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/10/05 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2012/10/05 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Unity
[2012/10/05 14:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2012/10/05 14:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2012/10/05 14:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2012/10/04 19:54:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\GameMaker8.1
[2012/10/04 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\YoYo_Games_Ltd
[2012/10/04 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\GameMaker 8.1
[2012/10/04 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker 8.1
[2012/10/04 17:56:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/10/04 17:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
[2012/10/04 17:44:28 | 000,000,000 | ---D | C] -- C:\devkitPro
[2012/10/04 17:44:28 | 000,000,000 | ---D | C] -- \devkitPro
[2012/10/04 17:13:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\Windows\SysWow64\ScintillaNet.dll
[2012/10/04 17:13:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\Windows\ScintillaNet.dll
[2012/10/04 17:13:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\SysWow64\SciLexer.dll
[2012/10/04 17:13:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\SciLexer.dll
[2012/10/04 17:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DS Game Maker
[2012/10/04 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\European Bus Simulator 2012
[2012/10/04 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\European Bus Simulator 2012
[2012/10/03 20:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sinvise Systems
[2012/10/03 20:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sinvise Systems
[2012/10/03 16:19:46 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\DownTango
[2012/10/03 16:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012/10/03 16:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/10/03 16:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/10/03 15:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\N3V Games
[2012/10/02 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\SprecheSpeech
[2012/10/02 20:01:03 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{08B1FC16-6D7A-4844-89E5-ECE7A180CE56}
[2012/10/01 18:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/10/01 18:22:59 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Fernsehturm Bilder
[2012/10/01 17:06:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{1198A11C-6516-48AF-A8F6-46ED37D18BC9}
[2012/10/01 16:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/01 15:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12
[2012/09/30 09:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Satmap_Systems_Ltd
[2012/09/29 14:19:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\SF
[2012/09/29 14:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SF
[2012/09/29 14:08:01 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\CAM Development
[2012/09/29 13:57:45 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
[2012/09/29 13:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
[2012/09/29 13:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigel
[2012/09/28 14:06:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Mozilla
[2012/09/28 14:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/28 14:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/26 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/26 15:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/26 15:55:53 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/26 15:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/26 15:38:08 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/23 17:13:43 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Picture
[2012/09/23 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Spiele
[2012/09/23 17:10:41 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Programme
[2012/09/22 22:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 22:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 22:54:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 22:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 22:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 22:54:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 22:54:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 22:54:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 22:54:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 22:54:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 22:54:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 22:54:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 22:54:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 22:54:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 22:54:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Neuer Ordner
[2012/09/18 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012/09/18 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic
[2012/09/18 20:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/09/17 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/17 13:48:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/17 13:48:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/17 13:48:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/17 13:48:26 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/17 13:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/15 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\fontconfig
[2012/09/15 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\gegl-0.2
[2012/09/15 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\.gimp-2.8
[2012/09/15 22:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/15 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Oberstufe_Bewerbung
[2012/09/15 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{648658F6-667E-419B-BEDA-8F16A2F92A31}
[2012/09/14 17:07:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/09/14 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\vom Stick
[2012/09/12 18:10:01 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\FIFA 12
[2012/09/12 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FIFA 12
[2012/09/12 17:17:54 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\CrashRpt
[2012/09/12 16:01:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 16:01:49 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 16:01:48 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 16:01:48 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free MP4 to AVI Converter
[2012/09/11 16:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software
[2012/09/10 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/09/10 20:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Downloaded Installations
[2012/09/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{7468D293-9D03-4BEC-8C37-56DE9E712827}
[2012/09/10 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Youtube
[2012/09/09 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Flight Simulator X Files
[2012/09/09 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/09/09 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2012/09/09 19:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/09/09 18:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/09/09 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/09/09 18:51:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/09 18:51:22 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/09 10:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 10:33:58 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 10:33:58 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 10:30:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000UA.job
[2012/10/09 10:25:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/09 10:25:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 10:25:37 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 10:12:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/09 09:57:26 | 000,538,327 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012/10/08 22:42:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/08 19:20:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\dds.com
[2012/10/08 18:30:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000Core.job
[2012/10/08 18:28:20 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012/10/08 17:52:05 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe
[2012/10/08 17:47:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe
[2012/10/08 17:46:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012/10/07 21:59:43 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/07 21:58:41 | 001,498,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/07 21:58:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/07 21:58:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/07 21:58:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/07 21:58:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/06 20:08:18 | 000,001,432 | ---- | M] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2012/10/06 20:08:18 | 000,001,425 | ---- | M] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2012/10/06 11:16:19 | 000,131,944 | ---- | M] () -- C:\Users\Jonas\Desktop\Deutschprojekt.avi.sfk
[2012/10/05 14:19:22 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/10/05 13:53:13 | 000,013,508 | ---- | M] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gm81
[2012/10/04 22:29:08 | 000,011,747 | ---- | M] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gb1
[2012/10/03 16:19:59 | 000,000,014 | ---- | M] () -- C:\end
[2012/10/02 22:07:37 | 000,007,625 | ---- | M] () -- C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg
[2012/10/02 21:29:36 | 001,332,248 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfk
[2012/10/02 21:20:55 | 170,519,576 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfap0
[2012/10/02 21:04:19 | 2494,600,995 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv
[2012/10/01 18:46:16 | 000,008,680 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfk
[2012/10/01 18:44:52 | 001,102,232 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfap0
[2012/10/01 18:41:13 | 001,680,597 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv
[2012/10/01 17:21:57 | 000,116,268 | ---- | M] () -- C:\Users\Jonas\Desktop\Fernsehturm-Duesseldorf-a18252073.jpg
[2012/10/01 16:22:05 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/29 15:55:51 | 000,000,421 | ---- | M] () -- C:\Users\Jonas\Documents\Visitenkarte_JH.v2m
[2012/09/29 13:57:45 | 000,001,191 | ---- | M] () -- C:\Users\Jonas\Desktop\Visitenkarten In 2 Minuten.lnk
[2012/09/28 20:41:02 | 000,085,619 | ---- | M] () -- C:\Users\Jonas\Desktop\Namensschild.c4d
[2012/09/28 20:18:18 | 000,972,932 | ---- | M] () -- C:\Users\Jonas\Desktop\WalserwegIcon.tif
[2012/09/28 20:14:00 | 000,019,861 | ---- | M] () -- C:\Users\Jonas\Desktop\mountains-hi.png
[2012/09/28 20:02:49 | 000,000,835 | ---- | M] () -- C:\Users\Jonas\Desktop\16.9WEIßwp.jpg
[2012/09/28 19:36:18 | 000,002,741 | ---- | M] () -- C:\Users\Jonas\Desktop\icon_big_berge.png
[2012/09/28 19:25:09 | 000,809,688 | ---- | M] () -- C:\Users\Jonas\Documents\DerWalserwegDerFilm.veg
[2012/09/28 19:24:41 | 000,809,688 | ---- | M] () -- C:\Users\Jonas\Documents\DerWalserwegDerFilm.veg.bak
[2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/09/23 21:19:56 | 169,015,127 | ---- | M] () -- C:\Users\Jonas\Desktop\iPhone 4 - Test HD - Deutsch_German.mp4
[2012/09/22 14:54:39 | 000,006,560 | ---- | M] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel
[2012/09/22 13:15:12 | 005,058,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/21 15:12:46 | 000,152,284 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/18 21:00:58 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B4.LCS
[2012/09/17 13:48:20 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/17 13:48:20 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/17 13:48:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/17 13:48:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/17 13:48:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/17 13:48:20 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/14 17:07:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/09/14 13:37:47 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2012/09/13 15:52:59 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/09/13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/09/10 20:48:24 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/10 20:47:36 | 000,022,440 | ---- | M] () -- C:\Users\Jonas\Documents\KommaFavouAbonnDanke_bearb.veg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/09 09:57:29 | 000,538,327 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe
[2012/10/08 21:55:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/08 21:55:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/08 21:55:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/08 21:55:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/08 21:55:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/08 18:28:20 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat
[2012/10/07 21:59:43 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/06 20:08:18 | 000,001,432 | ---- | C] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2012/10/06 20:08:18 | 000,001,425 | ---- | C] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2012/10/06 11:10:51 | 000,131,944 | ---- | C] () -- C:\Users\Jonas\Desktop\Deutschprojekt.avi.sfk
[2012/10/05 14:19:22 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/10/04 20:43:04 | 000,013,508 | ---- | C] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gm81
[2012/10/04 20:43:04 | 000,011,747 | ---- | C] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gb1
[2012/10/03 16:19:36 | 000,000,014 | ---- | C] () -- C:\end
[2012/10/03 16:19:36 | 000,000,014 | ---- | C] () -- \end
[2012/10/02 22:07:37 | 000,007,625 | ---- | C] () -- C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg
[2012/10/02 20:08:26 | 2494,600,995 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv
[2012/10/01 18:45:32 | 000,008,680 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfk
[2012/10/01 18:44:55 | 001,332,248 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfk
[2012/10/01 18:43:10 | 170,519,576 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfap0
[2012/10/01 18:43:10 | 001,102,232 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfap0
[2012/10/01 18:40:49 | 001,680,597 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv
[2012/10/01 17:21:49 | 000,116,268 | ---- | C] () -- C:\Users\Jonas\Desktop\Fernsehturm-Duesseldorf-a18252073.jpg
[2012/10/01 16:22:05 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/29 15:55:51 | 000,000,421 | ---- | C] () -- C:\Users\Jonas\Documents\Visitenkarte_JH.v2m
[2012/09/29 13:57:45 | 000,001,191 | ---- | C] () -- C:\Users\Jonas\Desktop\Visitenkarten In 2 Minuten.lnk
[2012/09/28 20:41:02 | 000,085,619 | ---- | C] () -- C:\Users\Jonas\Desktop\Namensschild.c4d
[2012/09/28 20:18:18 | 000,972,932 | ---- | C] () -- C:\Users\Jonas\Desktop\WalserwegIcon.tif
[2012/09/28 20:14:00 | 000,019,861 | ---- | C] () -- C:\Users\Jonas\Desktop\mountains-hi.png
[2012/09/28 20:02:49 | 000,000,835 | ---- | C] () -- C:\Users\Jonas\Desktop\16.9WEIßwp.jpg
[2012/09/28 19:36:17 | 000,002,741 | ---- | C] () -- C:\Users\Jonas\Desktop\icon_big_berge.png
[2012/09/28 14:06:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/23 21:13:00 | 169,015,127 | ---- | C] () -- C:\Users\Jonas\Desktop\iPhone 4 - Test HD - Deutsch_German.mp4
[2012/09/22 14:54:39 | 000,006,560 | ---- | C] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel
[2012/09/21 15:12:46 | 000,152,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/18 20:58:04 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000017B4.LCS
[2012/09/15 22:26:13 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/09/14 13:37:46 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012/09/12 18:06:50 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk
[2012/09/10 20:48:23 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/10 20:47:36 | 000,022,440 | ---- | C] () -- C:\Users\Jonas\Documents\KommaFavouAbonnDanke_bearb.veg
[2012/08/31 15:52:40 | 000,008,192 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 01:15:30 | 003,782,214 | ---- | C] () -- \chatzum_nt.exe
[2012/06/16 12:54:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/06 11:48:02 | 000,000,121 | ---- | C] () -- \RunDism.bat
[2010/11/16 19:38:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010/11/16 19:38:50 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2010/07/16 12:21:33 | 000,171,136 | RHS- | C] () -- \w7ldr
[2009/11/07 00:12:32 | 000,003,839 | RHS- | C] () -- \Patch.rev
[2009/11/06 15:24:28 | 3217,235,968 | -HS- | C] () -- \hiberfil.sys
[2009/08/22 08:01:21 | 000,000,212 | RHS- | C] () -- \Preload.rev
[2009/07/27 22:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/27 22:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/10/07 08:18:40 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/10/07 08:18:40 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 980 bytes -> C:\ProgramData\Microsoft:bFoGjZwR6S3gcbacqfsA4
@Alternate Data Stream - 975 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:yAK9ddzapcQegcs3aYBO
@Alternate Data Stream - 1200 bytes -> C:\ProgramData\Microsoft:xGE3NTMxV4ye5D1WpRO
@Alternate Data Stream - 1067 bytes -> C:\ProgramData\Microsoft:SmWSlDY5XD5NAN2zkN

< End of report >
--- --- ---

--- --- ---

Der 2. Bericht (Extras.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09/10/2012 10:33:59 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jonas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,60% Memory free
7,99 Gb Paging File | 6,07 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249,80 Gb Total Space | 43,35 Gb Free Space | 17,36% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,17 Mb Free Space | 70,17% Space Free | Partition Type: NTFS
Drive E: | 106,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{356785F8-70F0-472A-A47D-6C4348957AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF5F8C88-01A9-40DB-9C6D-5D9726F7D1C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}" = Garmin Communicator Plugin x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10AF4EF8-4E0B-4BF8-9FA5-D43A4F19FFD8}" = Heyer's Video-Cover 4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E883466C-77EC-44AC-8EC8-417A4A16AB3F}" = Garmin Communicator Plugin
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"devkitProUpdater" = devkitProUpdater 1.5.3
"DVDStyler_is1" = DVDStyler v2.2
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.14.627
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.2.706
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.825
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.825
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"loadtbs-3.0" = loadtbs-3.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Unity" = Unity
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/10/2012 11:44:30 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08/10/2012 11:57:28 | Computer Name = Jonas-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b98    Startzeit:
01cda56d31c86501    Endzeit: 24    Anwendungspfad: C:\Users\Jonas\Desktop\OTL.exe    Berichts-ID:
 d8354282-1160-11e2-ba64-00262d631707 
 
Error - 08/10/2012 12:03:13 | Computer Name = Jonas-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12d4    Startzeit:
 01cda56e179a0558    Endzeit: 4    Anwendungspfad: C:\Users\Jonas\Desktop\OTL.exe    Berichts-ID:
 a7bb77a7-1161-11e2-ba64-00262d631707 
 
Error - 08/10/2012 12:12:55 | Computer Name = Jonas-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 08/10/2012 15:55:42 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08/10/2012 16:42:46 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3fa
 
Error - 08/10/2012 16:43:42 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09/10/2012 03:01:07 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09/10/2012 03:22:18 | Computer Name = Jonas-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 09/10/2012 04:27:25 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 08/10/2012 16:35:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:36:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:37:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:38:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:39:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:39:05 | Computer Name = Jonas-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08/10/2012 16:40:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 08/10/2012 16:40:11 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08/10/2012 16:44:02 | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 09/10/2012 04:23:46 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
NOCHMAL HERZLICHEN DANKE FÜR DEINE HILFE!!!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:45 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131