Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Rogue.KD.853855.1 (https://www.trojaner-board.de/131633-tr-rogue-kd-853855-1-a.html)

Val1985 28.02.2013 00:20
TR/Rogue.KD.853855.1
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Zusammen!

Leider bin ich ein vollkommener Computer-Volltrottel und brauche daher bitte eure Hilfe!

Vorab: ich bin mir nicht sicher, ob ich überhaupt noch ein Viren-Problem habe...

Von Anfang an: Ich habe eine E-Mail mit einer Zahlungsaufforderung (Mahnung irgendeines Internetanbieters) erhalten. In der anhängenden Rechnung in Form einer zip-Datei war ein Trojaner (TR/Rogue.KD.853855.1) enthalten. Beim Öffnen der Datei wurde dieser auch brav von meinem Antivirenprogramm (Avira Internet Security 2012) erkannt und in die Quarantäne verschoben. Blöd nur, dass ich ihn (in der Absicht Ihn ganz los zu werden...) aus der Quarantäne gelöscht und dadurch anscheinend freigesetzt habe. Daraufhin hatte ich keinen Einfluss mehr auf z.B. Firefox, meine Firewall wurde deaktiviert. Ich unterbrach sofort meinen LAN-Zugang und ließ einen Systemscan durchführen. Antivir fand an mehreren verschiedenen Stellen den Trojaner, konnte das Problem aber nicht beheben. Ein Bekannter von mir gab mir den Rat den Laptop "platt zu machen", da er erst ein paar Monate alt ist und ich keine wichtigen Dateien gespeichert hatte. Ich habe das so verstanden, dass er ihn in den Grundzustand zurückversetzt hat. Danach fand Antivir keinen Trojaner mehr. Ich bin mir nun trotzdem unsicher, ob wirklich alles gut ist (kann sich so ein Ding nicht trotzdem noch irgendwo verstecken???). Nutze wie die viele andere den Laptop auch für Bankgeschäfte etc. und möchte einfach sicher sein, dass er sicher ist!

Um mein "Problem" hier vorzustellen,habe ich versucht so gut ich konnte eure Anleitung zu befolgen...Leider bekam ich von OTL nut eine Textdatei (habe es mehrmals versucht...) und Gmer veranlasste Windows zweimal dazu seinen Dienst einzustellen (Fehlermeldung und herunterfahren von Windows), beim nächsten Versuch kam einer Fehlermeldung von Gmer selber. Habe Gmer zweimal neu installiert und immer diese Probleme gehabt. Ich weiß leider nicht, was ich da falsch gemacht haben soll.

Ich weiß, das ist ziemlich wirr! Tue mein Bestes um weitere Informationen zu liefern, wenn mir einer weiterhilft!

Vielleicht hat ja jemand Nerv genug, so nem Trottel wir mir zu helfen...ich wäre wirklich dankbar!!!

cosinus 28.02.2013 09:20
Hallo und :hallo:

Wo bitte steht, dass du die Textlogfiles in eine PDF gießen sollst? :wtf:
Sry das macht hinten und vorne keinen Sinn und erschwert massivst die Auswertung

Zitat:
TR/Rogue.KD.853855.1
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Val1985 28.02.2013 10:56
Hallo Cosinus,

danke, ich dachte mir schon, dass das falsch ist, als ich das anhängen wollte (was offensichtlich auch falsch gewesen wäre) stand da, dass die Datei zu groß sei. Daher dieser Umweg. Ich sagte ja bereits, ich bin ein Computer-Volltrottel und weiß grade mal wie ich das Ding anbekomme und meine Aufgaben erledigen kann...peinlich, aber so ist es nunmal...

Ich hoffe, so ist es nun richtig!?!

Antivir hatte soweit ich mich erinnere nur diesen Namen angegeben. Allerdings kann ich das nun nicht mehr nachsehen (siehe vorherige Nachricht). Das tut mir Leid!

Vielen Dank schonmal und beste Grüße!


Code:
OTL logfile created on: 27.02.2013 23:19:50 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 68,46% Memory free
7,80 Gb Paging File | 6,44 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,03 Gb Total Space | 234,88 Gb Free Space | 84,48% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 2,12 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
 
Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.27 18:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.02.13 18:19:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 18:19:10 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.02.13 18:19:10 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.02.13 18:19:10 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.02.13 18:19:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.13 18:19:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.02.10 22:53:30 | 000,819,640 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\SymSilent\SymSilent.exe
PRC - [2012.02.10 15:18:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.02.08 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.02.07 02:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012.01.28 02:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.11 02:48:26 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2011.12.11 02:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2011.12.11 02:47:40 | 000,148,296 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.02.22 10:55:50 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.14 02:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013.02.27 21:59:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.13 18:19:11 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 18:19:10 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.02.13 18:19:10 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.02.13 18:19:10 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.02.13 18:19:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.24 15:12:19 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.03.04 01:16:40 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.02.22 03:34:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.08 19:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.08 19:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.08 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 02:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.02 01:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.02.01 17:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.11 02:48:26 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 05:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.13 18:19:11 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.02.13 18:19:11 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2013.02.10 14:40:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.10 14:40:59 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.10 14:40:58 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.29 10:21:59 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.03.24 23:53:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.03.24 23:53:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.04 01:16:48 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.02 02:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.02 02:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.02.22 10:55:56 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.02.22 10:55:24 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.02.15 11:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.02.07 18:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012.02.02 04:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 04:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 04:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 04:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 04:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 04:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 04:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 01:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.28 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.28 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.28 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.28 08:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2011.12.07 04:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.11 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.30 02:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {71588120-FC17-4463-B07D-2C71FE6E057B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D8678AFC-7B91-4677-8FD6-8E2546EF28FB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D8678AFC-7B91-4677-8FD6-8E2546EF28FB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.findrsearch.com
IE - HKCU\..\SearchScopes,DefaultScope = {71588120-FC17-4463-B07D-2C71FE6E057B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D8678AFC-7B91-4677-8FD6-8E2546EF28FB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Findr"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 21:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.10 14:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.16 13:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yoz03ecl.default\extensions
[2013.02.16 13:31:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\yoz03ecl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.27 21:43:00 | 000,000,564 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\yoz03ecl.default\searchplugins\findr.xml
[2013.02.10 14:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.27 21:59:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [SymSilent] C:\Program Files (x86)\SymSilent\SymSilent.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E12874-314F-48DF-A5BE-2272891772C5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2013.02.27 21:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.27 21:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.27 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.02.27 21:23:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.02.27 21:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2013.02.27 21:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2013.02.27 21:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.02.27 21:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.27 21:22:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.27 21:22:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.27 21:21:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.02.27 21:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.02.27 21:21:53 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.02.27 21:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.02.27 21:21:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.02.27 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.27 19:03:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CrashDumps
[2013.02.27 18:57:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.27 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2013.02.16 13:35:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2013.02.16 13:34:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.13 19:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.02.13 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.13 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.13 18:24:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2013.02.10 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2013.02.10 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2013.02.10 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.02.10 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.10 14:46:00 | 000,141,376 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.02.10 14:46:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.10 14:46:00 | 000,114,608 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.02.10 14:46:00 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.10 14:46:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.10 14:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.10 14:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.10 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.10 14:35:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2013.02.10 14:35:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2013.02.10 14:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.02.10 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.02.10 14:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.02.10 14:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.02.10 14:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.02.10 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2013.02.10 14:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.10 14:15:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.02.10 14:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.10 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2013.02.10 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Youcam
[2013.02.10 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CyberLink
[2013.02.10 14:02:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Broadcom
[2013.02.10 14:02:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth-Exchange-Ordner
[2013.02.10 14:02:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Synaptics
[2013.02.10 14:02:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.10 14:02:01 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.02.10 14:02:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.10 14:01:53 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2013.02.10 14:01:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2013.02.10 13:59:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2013.02.10 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hpqlog
[2013.02.10 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard
[2013.02.10 13:59:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AuthenTec
[2013.02.10 13:59:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2013.02.10 13:59:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013.02.10 13:59:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2013.02.10 13:59:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\RemEngine
[2013.02.10 13:59:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard_Company
[2013.02.10 13:58:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Intel
[2013.02.10 13:58:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Symantec
[2013.02.10 13:58:34 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2013.02.10 13:58:34 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2013.02.10 13:58:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2013.02.10 13:58:34 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2013.02.10 13:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2013.02.10 13:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2013.02.10 13:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.10 13:58:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.10 13:58:29 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution.bak
[2013.02.10 13:55:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 23:18:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 23:18:33 | 3142,828,032 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.27 23:14:58 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 23:14:58 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 23:12:58 | 001,620,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.27 23:12:58 | 000,699,298 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.27 23:12:58 | 000,654,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.27 23:12:58 | 000,149,214 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.27 23:12:58 | 000,121,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.27 23:07:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 23:06:37 | 000,001,535 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19115 - Verknüpfung.lnk
[2013.02.27 21:21:56 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.02.27 18:57:53 | 521,183,386 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.27 18:23:40 | 000,001,074 | ---- | M] () -- C:\Users\***\Desktop\Defogger - Verknüpfung.lnk
[2013.02.27 18:23:25 | 000,001,430 | ---- | M] () -- C:\Users\***\Desktop\OTL - Verknüpfung.lnk
[2013.02.27 18:21:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.02.16 13:36:50 | 000,406,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 13:34:44 | 000,001,140 | ---- | M] () -- C:\Users\***\Desktop\Windows Update Troubleshooting Info.lnk
[2013.02.13 19:03:50 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.13 18:19:32 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs
[2013.02.13 18:19:11 | 000,141,376 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.02.13 18:19:11 | 000,114,608 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.02.10 14:41:53 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 14:40:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.10 14:40:59 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.10 14:40:58 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.10 13:59:11 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.02.10 13:58:18 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.10 13:58:18 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.02.27 23:06:37 | 000,001,535 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19115 - Verknüpfung.lnk
[2013.02.27 21:21:56 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.02.27 18:57:53 | 521,183,386 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.27 18:23:39 | 000,001,074 | ---- | C] () -- C:\Users\***\Desktop\Defogger - Verknüpfung.lnk
[2013.02.27 18:23:25 | 000,001,430 | ---- | C] () -- C:\Users\***\Desktop\OTL - Verknüpfung.lnk
[2013.02.27 18:21:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.02.16 13:34:44 | 000,001,140 | ---- | C] () -- C:\Users\***\Desktop\Windows Update Troubleshooting Info.lnk
[2013.02.13 19:03:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.13 19:03:50 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.13 18:19:31 | 000,000,040 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs
[2013.02.10 14:41:53 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.10 14:41:53 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 13:59:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.02.10 13:55:30 | 3142,828,032 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.29 10:34:41 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.05.29 10:27:38 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.15 11:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.15 11:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.15 11:47:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.15 11:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.15 10:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.03.24 23:50:05 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.03.24 23:50:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.27 21:21:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.02.27 21:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.02.27 21:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.02.10 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
[2013.02.27 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

cosinus 28.02.2013 11:38
Zitat:
Antivir hatte soweit ich mich erinnere nur diesen Namen angegeben.
Deswegen hatte ich dir extra einen Artikel verlinkt wo genau beschrieben ist wie du die Ereignisse exportierst!
Es ist ja absolut kein Problem, dass du kein Computerprofi bist, aber wenigstens komplettt lesen solltest du die Anleitungen und Hinweise schon!

Val1985 28.02.2013 12:22
Hallo Cosinus,

ja, das hatte ich gesehen. Aber wie bereits gesagt, ist der Laptop komplett in seinen Grundzustand versetzt worden und daher habe ich diese Informationen von Avira nicht mehr.

Ich denke, ich vergeude hier nur deine Zeit. Das tut mir sehr Leid! Daher denke ich, es ist doch das Beste den Laptop hier vor Ort zu einem entsprechenden Dienst zu bringen. Ich denke, ich führe nur zu Verwirrung.

Ich danke dir aber vielmals für deine Hilfe! Ich bin hierfür einfach zu dämlich...Sorry

Beste Grüße!

cosinus 28.02.2013 12:37
Verdammt, das mit dem Recovern ist mir jetzt entgangen :stirn:

Aslo, wenn du recovert hast gibt es keinen Anlass Logs zu posten, denn das bestehende Windows wurde dadurch komplett gelöscht und neu draufkopiert. Das überlebt kein Schädling.
Aber evtl sollte man nochmal den MBR checken mit aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131