
Pests of all kinds and how to fight them: "APPCRASH" in Task Manager.

Windows 7

28.10.2011, 13:15   #1
Karry

"APPCRASH" in Task Manager.



Hello everyone,

I hope you can help me, and I hope I've done everything right now...

I'll get started. My problem:
Task Manager can no longer be opened; an error message with the following details appears immediately.

Quote:
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: taskmgr.exe
Anwendungsversion: 6.1.7601.17514
Anwendungszeitstempel: 4ce79737
Fehlermodulname: taskmgr.exe
Fehlermodulversion: 6.1.7601.17514
Fehlermodulzeitstempel: 4ce79737
Ausnahmecode: c0000005
Ausnahmeoffset: 000000000000d2b1
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 6d1b
Zusatzinformation 2: 6d1b0fa04cd4668f1c60a18f6182d18d
Zusatzinformation 3: 379f
Zusatzinformation 4: 379f75718b21c5330d36ae0f1502a99a
So, I'll say it right up front: I don't know much about this. Please be patient with me.

I don't think Defogger did what it was supposed to do...?
This is what came out:

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:11 on 28/10/2011 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Is that correct, or did I do something wrong?

On we go - and here I'm really amazed at the amount. :-/

OTL
Quote:
OTL logfile created on: 28.10.2011 12:18:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 72,85% Memory free
7,73 Gb Paging File | 6,51 Gb Available in Paging File | 84,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 416,42 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 411,34 Gb Free Space | 89,64% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.28 00:00:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.10.19 15:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.02.11 17:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Disabled | Stopped] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.09.30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 20:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.13 01:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.11 15:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.02.11 17:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.11.18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.19 15:50:12 | 006,098,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=173610107707pe458v1k5w45j1u876
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=173610107707pe458v1k5w45j1u876

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=173610107707pe458v1k5w45j1u876
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3900&r=173610107707pe458v1k5w45j1u876
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.3
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.18 14:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.13 12:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.13 13:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.27 20:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: H:\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: H:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.12 15:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.20 12:24:55 | 000,000,000 | ---D | M]

[2010.11.02 19:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.02 19:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.27 19:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions
[2011.09.27 21:11:00 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011.10.13 12:10:22 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr
[2010.11.29 18:52:10 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lif7zaww.default\searchplugins\winamp-search.xml
[2011.06.08 17:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.18 18:42:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.08 17:10:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\CSHARPFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\JAVAFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\PYTHONFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\RUBYFORMATTERS@SELENIUMHQ.ORG.XPI
[2011.10.13 13:03:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.13 13:03:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 13:03:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.13 13:03:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 13:03:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 13:03:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 13:03:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D93D55B-4E3F-4B52-BB18-7520BAC04972}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: MultiScreen - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.10.27 23:59:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.25 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia
[2011.10.16 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.10.16 21:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.16 21:07:30 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.16 21:07:30 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.16 21:07:30 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.16 21:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.16 21:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.13 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Jans Dokumente
[2011.10.13 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2009.11.26 19:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2011.10.28 12:16:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 12:16:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.28 12:15:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.28 12:15:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.28 12:15:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.28 12:15:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.28 12:15:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.28 12:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.28 12:08:40 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.28 00:01:09 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.28 00:00:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.27 23:57:00 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.27 23:06:23 | 000,003,672 | ---- | M] () -- C:\bootsqm.dat
[2011.10.27 19:48:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 20:19:44 | 000,062,450 | ---- | M] () -- C:\Users\***\Documents\mymuesli von O2-Aktion - Fertig.pdf
[2011.10.25 18:02:55 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.16 21:07:38 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.16 20:40:43 | 000,363,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 12:19:06 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2011.10.11 15:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.10.28 00:01:09 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.27 23:56:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.27 23:06:23 | 000,003,672 | ---- | C] () -- C:\bootsqm.dat
[2011.10.26 20:19:43 | 000,062,450 | ---- | C] () -- C:\Users\***\Documents\mymuesli von O2-Aktion - Fertig.pdf
[2011.10.16 21:07:38 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.13 12:19:06 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2011.09.18 13:56:38 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 20:33:57 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011.04.05 19:04:54 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.10.18 18:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.10 13:08:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011.02.20 21:45:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.10.27 20:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.11.29 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2011.06.20 20:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2011.10.26 21:45:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.10.27 19:08:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.27 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.21 17:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2010.10.18 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2011.09.20 22:18:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.09.23 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.10.25 18:43:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.10.25 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.11.02 19:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.01.25 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.19 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2010.10.26 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2011.06.29 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.10.18 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.18 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2010.11.02 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.07 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Utherverse
[2010.10.18 21:33:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ViquaSoft
[2011.07.08 19:32:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.11.09 16:16:06 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.10.10 13:10:01 | 000,000,000 | ---D | M] -- C:\book
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.07 18:23:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.26 19:17:08 | 000,000,000 | ---D | M] -- C:\Intel
[2011.02.20 21:27:39 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.20 19:56:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.27 20:26:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.10.27 20:26:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.07 18:23:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.07 18:23:56 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.28 12:19:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.12 22:50:49 | 000,000,000 | ---D | M] -- C:\temp
[2010.10.07 18:24:02 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.29 20:40:27 | 000,000,000 | ---D | M] -- C:\Win2k Drivers
[2011.09.12 22:45:31 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
OTL Extras
Quote:
OTL Extras logfile created on: 28.10.2011 12:18:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 72,85% Memory free
7,73 Gb Paging File | 6,51 Gb Available in Paging File | 84,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 416,42 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 411,34 Gb Free Space | 89,64% Space Free | Partition Type: NTFS

Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03136F9A-A046-B531-412F-C205BD64316C}" = ATI Catalyst Install Manager
"{111ABAC1-37EA-7E8C-C9E6-AB80915EEDD3}" = ATI AVIVO64 Codecs
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5EC1C89-DA8E-DD40-5157-530A1C2E500B}" = ccc-utility64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039137CA-30DC-1540-1E8C-33869CAEA7B2}" = CCC Help English
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{098497EF-0004-FADA-7BD6-ABE17F1910FF}" = CCC Help Italian
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{165B6E55-1E3B-0929-66FF-77CCE0AD793C}" = Catalyst Control Center Graphics Light
"{1D1D2C61-5DF5-20BD-1CAE-995C7F09856A}" = CCC Help Greek
"{1E2D8EE2-6FE2-15C8-B091-0B80D8AB58A4}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9BE94D-A52E-C005-878F-A9AC4E7BD3FE}" = Catalyst Control Center Core Implementation
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C193B20-9FAC-9AFB-EF0D-B9D57D59C427}" = CCC Help Turkish
"{2C494A86-50CB-0C64-FB04-3993C4429DE5}" = CCC Help Norwegian
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{324BB225-2A79-E08A-2421-7A4F38BBF541}" = CCC Help Hungarian
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359B81BB-C2FD-691B-65AB-EAC26A685BE4}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DC26E05-22CD-38E4-63FE-A752EF4E918C}" = CCC Help Korean
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D65780C-E307-1379-BAC8-B30E51363ECD}" = Catalyst Control Center Graphics Full Existing
"{4E38B509-B471-A963-FB30-34E3D7F91421}" = Catalyst Control Center Localization All
"{506E0320-F8A1-0983-09D9-33DFBBC425B4}" = CCC Help Chinese Standard
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59A1E95E-D712-BF6B-5656-C690E1575B8D}" = Catalyst Control Center InstallProxy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7024FFDC-0D2D-B3AE-6B52-AF1F5503D9FF}" = CCC Help Portuguese
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79A2DA7D-5EA4-B8A6-52D6-75A8F94CA6C5}" = CCC Help Thai
"{7DEAB00D-BE9B-8BE7-2941-76A6422B6F00}" = CCC Help Japanese
"{7EDF7572-CC22-C22C-DF2B-BB28C14FBE4A}" = CCC Help Polish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{888F8AC3-9E79-572B-4DF6-B30C3B82C4AB}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8EAE18-A459-2045-FA53-72ED67AD9138}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9d5299f9-f94e-43ed-9632-a5e045b51f7d}" = Nero 9 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85BD682-BB11-EFDD-9ED1-93758072FA2D}" = CCC Help Danish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B77D544F-6D58-B8E4-62F4-8704A59CD186}" = CCC Help Russian
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58B395E-7C8F-F714-4A34-64520ED4E9DF}" = ccc-core-static
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D2734CE1-D0DD-9FEE-C5E6-038D442308F8}" = Catalyst Control Center Graphics Previews Vista
"{D9144AC7-8565-B644-FB32-F38121545524}" = CCC Help German
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E07C281D-F796-DB19-AFD7-3D186DE2D45F}" = CCC Help Finnish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB6C866D-1695-5781-7023-F1F806522213}" = CCC Help Spanish
"{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB354938-180A-5AE5-9BAC-6E3D1557CF08}" = CCC Help Dutch
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE383B51-D6DA-CCAB-5B01-2F2042F1FAE4}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PhotoScape" = PhotoScape
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.09.2011 03:41:41 | Computer Name = ***| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 29.09.2011 13:11:37 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 29.09.2011 13:11:37 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 29.09.2011 21:49:31 | Computer Name = ***| Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 9.4.5.236 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a0c Startzeit:
01cc7f00a932f395 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

Berichts-ID:
6edf178d-eb06-11e0-9f2d-90fba686ba2b

Error - 30.09.2011 03:28:41 | Computer Name = ***| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79737 Name des fehlerhaften Moduls: taskmgr.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79737 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000d2b1
ID
des fehlerhaften Prozesses: 0x171c Startzeit der fehlerhaften Anwendung: 0x01cc7f4293919dc1
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\taskmgr.exe Berichtskennung: d1d79459-eb35-11e0-9f2d-90fba686ba2b

Error - 30.09.2011 03:28:50 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskmgr.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79737 Name des fehlerhaften Moduls: taskmgr.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79737 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000d2b1
ID
des fehlerhaften Prozesses: 0x1568 Startzeit der fehlerhaften Anwendung: 0x01cc7f42996a6fbc
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\taskmgr.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\taskmgr.exe Berichtskennung: d734a4d4-eb35-11e0-9f2d-90fba686ba2b

Error - 30.09.2011 03:29:57 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 30.09.2011 03:29:57 | Computer Name = ***| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.10.2011 06:02:42 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 13.10.2011 06:02:42 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ Cisco AnyConnect VPN Client Events ]
Error - 18.10.2011 04:35:37 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:37 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:37 | Computer Name = ***| Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:37 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:37 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:37 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:38 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:38 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:38 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 18.10.2011 04:35:38 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED

[ System Events ]
Error - 14.07.2011 05:21:08 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109

Error - 20.07.2011 06:30:58 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 20.07.2011 06:31:43 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 15.08.2011 05:55:45 | Computer Name = ***| Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 15.08.2011 15:17:08 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 24.08.2011 10:45:14 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 24.08.2011 10:46:02 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 26.08.2011 05:57:54 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ServiceLayer" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 10.09.2011 10:06:02 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.09.2011 10:06:46 | Computer Name = *** | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >

What I have already tried:
I tried to reset the Task Manager, and I changed some binary values via regedit.exe, or rather created them, because what I was supposed to change did not exist. Maybe I just went about it too clumsily...? :-(
The tips come from here:
hxxp://scareware.de/2011/03/task-manager-taskmgr-exe-zurucksetzen/
hxxp://scareware.de/2011/03/task-manager-geht-nicht-mehr/

I also ran Avira and Malwarebytes; neither found anything.

I don't know what else to do. What do I do now?
Thanks in advance!

Alt 28.10.2011, 14:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
I also ran Avira and Malwarebytes; neither found anything.

Please post all Malwarebytes logs anyway.

Alt 28.10.2011, 14:38   #3
Karry



Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8030

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

28.10.2011 14:36:54
mbam-log-2011-10-28 (14-36-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177250
Laufzeit: 2 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
That was a quick scan just now - is that enough?

Otherwise, here is the one from yesterday:

Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8030

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

27.10.2011 21:10:53
mbam-log-2011-10-27 (21-10-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 328751
Laufzeit: 1 Stunde(n), 20 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 28.10.2011, 15:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 30.10.2011, 21:54   #5
Karry



Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b48c274bf1d8646b7773daecbc89a2d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-30 08:40:34
# local_time=2011-10-30 09:40:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1211361 1211361 0 0
# compatibility_mode=5893 16776574 100 94 3974 71633257 0 0
# compatibility_mode=8192 67108863 100 0 4498 4498 0 0
# scanned=167221
# found=0
# cleaned=0
# scan_time=3826
Nothing?
Am I in the wrong subforum now...?
Oh man.


Alt 30.10.2011, 23:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please create a new OTL log:

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 31.10.2011, 16:36   #7
Karry



There was only one OTL document:
OTL Logfile:
Code:
OTL logfile created on: 31.10.2011 11:48:14 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 75,48% Memory free
7,73 Gb Paging File | 6,62 Gb Available in Paging File | 85,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 415,59 Gb Free Space | 90,57% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 410,36 Gb Free Space | 89,43% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.27 23:00:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.10.19 14:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.02.11 16:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Disabled | Stopped] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.18 09:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 09:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 09:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 09:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 09:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 09:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.02.11 16:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.19 14:50:12 | 006,098,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.23 10:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.3
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.18 13:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.13 11:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.13 12:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.27 19:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: H:\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: H:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.12 14:45:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.20 11:24:55 | 000,000,000 | ---D | M]
 
[2010.11.02 18:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.02 18:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.27 18:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions
[2011.09.27 20:11:00 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011.10.13 11:10:22 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr
[2010.11.29 17:52:10 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lif7zaww.default\searchplugins\winamp-search.xml
[2011.06.08 16:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.18 17:42:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.08 16:10:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\CSHARPFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\JAVAFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\PYTHONFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LIF7ZAWW.DEFAULT\EXTENSIONS\RUBYFORMATTERS@SELENIUMHQ.ORG.XPI
[2011.10.13 12:03:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.13 12:03:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 12:03:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.13 12:03:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.13 12:03:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.13 12:03:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.13 12:03:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D93D55B-4E3F-4B52-BB18-7520BAC04972}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: MultiScreen - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.30 20:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.10.27 22:59:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.25 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia
[2011.10.16 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.10.16 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.16 20:07:30 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.16 20:07:30 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.16 20:07:30 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.16 20:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.16 20:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.13 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Jans Dokumente
[2011.10.13 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2009.11.26 18:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.31 11:14:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 11:14:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 11:11:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.31 11:11:34 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.31 11:11:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.31 11:11:34 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.31 11:11:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.31 11:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.31 11:07:16 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.27 23:01:09 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.27 23:00:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.10.27 22:57:00 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.27 22:06:23 | 000,003,672 | ---- | M] () -- C:\bootsqm.dat
[2011.10.27 18:48:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.26 19:19:44 | 000,062,450 | ---- | M] () -- C:\Users\***\Documents\mymuesli von O2-Aktion - Fertig.pdf
[2011.10.25 17:02:55 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.16 20:07:38 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.16 19:40:43 | 000,363,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 11:19:06 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.10.27 23:01:09 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.27 22:56:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.10.27 22:06:23 | 000,003,672 | ---- | C] () -- C:\bootsqm.dat
[2011.10.26 19:19:43 | 000,062,450 | ---- | C] () -- C:\Users\***\Documents\mymuesli von O2-Aktion - Fertig.pdf
[2011.10.16 20:07:38 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.13 11:19:06 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2011.09.18 12:56:38 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 19:33:57 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011.04.05 18:04:54 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.10.18 17:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.10 12:08:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.02.20 20:45:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.10.27 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.11.29 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2011.06.20 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2011.10.26 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.10.27 18:08:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.27 18:32:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.21 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2010.10.18 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2011.09.20 21:18:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.09.23 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.10.25 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.10.25 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.11.02 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.01.25 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.19 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2010.10.26 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2011.06.29 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.10.18 17:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.18 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2010.11.02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.07 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Utherverse
[2010.10.18 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ViquaSoft
[2011.07.08 18:32:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.20 20:45:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.10.18 19:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.10.27 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.10.07 17:26:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2011.10.16 20:07:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.11.29 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2010.10.18 17:44:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.09.18 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.06.20 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2011.10.26 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.10.27 18:08:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.27 18:32:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.21 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2010.10.18 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2010.10.18 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2011.09.20 21:18:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.09.23 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.10.07 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.10.18 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.10.07 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.04.17 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.09.12 21:44:03 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.10.18 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.10.19 17:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2011.10.25 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.10.25 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.11.02 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.01.25 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.07.19 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2010.10.26 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2011.06.29 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2011.09.15 12:57:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.10.18 17:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.18 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2010.11.02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.07 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Utherverse
[2010.10.18 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ViquaSoft
[2011.04.05 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 20:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---

31.10.2011, 18:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have masked your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
[2011.09.27 20:11:00 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011.10.13 11:10:22 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr
[2010.11.29 17:52:10 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lif7zaww.default\searchplugins\winamp-search.xml
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: []  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2009.11.26 18:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2011.02.20 20:45:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

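The two preconditions stressed in the post above (the ":OTL" header must be copied along, and a masked username must be changed back) can be checked before the text is pasted into OTL. The following pre-flight check is an added example, not part of the original thread and not a feature of OTL; the function name `preflight`, the username `alice` and the shortened script excerpt are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Masked profile path as it appears in the thread: C:\Users\***\...
MASKED_USER = re.compile(r"(\\Users\\)\*+(\\)", re.IGNORECASE)
# Characters Windows does not allow in file or folder names.
INVALID_NAME_CHARS = set('\\/:*?"<>|')

# Shortened excerpt of the fix script posted in the thread (username still masked).
SAMPLE = r""":OTL
O4 - HKCU..\Run: []  File not found
[2009.11.26 18:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2011.02.20 20:45:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
:Commands
[emptytemp]
[resethosts]
"""


@dataclass
class Preflight:
    has_otl_header: bool      # first non-blank line is ":OTL"
    masked_lines: List[int]   # 1-based line numbers still containing \Users\***\
    sections: Dict[str, int]  # directive (":OTL", ":Commands") -> entry count
    script: str               # script text after the optional username restore

    @property
    def ready(self) -> bool:
        """True only if the header is present and no masked path remains."""
        return self.has_otl_header and not self.masked_lines


def preflight(script: str, username: Optional[str] = None) -> Preflight:
    """Check a pasted fix script; optionally restore a masked username first."""
    if username is not None:
        # Reject empty names and names that cannot exist as a Windows folder,
        # which also catches passing the mask ("***") itself.
        if not username or INVALID_NAME_CHARS & set(username):
            raise ValueError("username is empty or not valid in a Windows path")
        script = MASKED_USER.sub(
            lambda m: m.group(1) + username + m.group(2), script
        )

    lines = script.splitlines()
    non_blank = [ln.strip() for ln in lines if ln.strip()]
    # Assumption of this example: the header is the first non-blank line.
    has_header = bool(non_blank) and non_blank[0].upper() == ":OTL"

    masked: List[int] = []
    sections: Dict[str, int] = {}
    current = "(before first directive)"
    for number, line in enumerate(lines, start=1):
        text = line.strip()
        if not text:
            continue
        if text.startswith(":"):          # directive line opens a new section
            current = text
            sections.setdefault(current, 0)
            continue
        sections[current] = sections.get(current, 0) + 1
        if MASKED_USER.search(text):      # path would not exist on disk
            masked.append(number)
    return Preflight(has_header, masked, sections, "\n".join(lines))


if __name__ == "__main__":
    before = preflight(SAMPLE)
    print("as posted:", before.ready, "masked lines:", before.masked_lines)
    after = preflight(SAMPLE, "alice")    # "alice" is a constructed username
    print("restored: ", after.ready, "sections:", after.sections)
```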

01.11.2011, 11:07   #9
Karry



Quote:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin\classic\platforms\win folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin\classic\platforms\unix folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin\classic\platforms\mac folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin\classic\platforms folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin\classic folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\skin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale\sv-SE folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale\pt-BR folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale\ja-JP folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale\fr-FR folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\icons\default folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\icons folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\tests\unit\html folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\tests\unit folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\tests\functional\aut folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\tests\functional folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\tests folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-src\scripts folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-src folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\xpath folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\test folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\scripts folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\lib\scriptaculous folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\lib\cssQuery\src folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\lib\cssQuery folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core\icons folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\selenium-core folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\images folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\icons folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content\formats folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f} folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-fdislike-tests folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-fdislike-lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-fdislike-data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\windows folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\utils folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\traits folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\tabs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\events folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\dom folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-api-utils-data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-addon-kit-lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources\fbdislike-at-doweb-dot-fr-addon-kit-data folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\resources folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lif7zaww.default\extensions\fbdislike@doweb.fr folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lif7zaww.default\searchplugins\winamp-search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cbd998-3b7b-11e0-9679-90fba686ba2b}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9cbd9a0-3b7b-11e0-9679-90fba686ba2b}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
C:\ProgramData\FullRemove.exe moved successfully.
Folder C:\Users\***\AppData\Roaming\.#\ not found.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 563573372 bytes
->Temporary Internet Files folder emptied: 50076658 bytes
->Java cache emptied: 9125721 bytes
->FireFox cache emptied: 86322337 bytes
->Flash cache emptied: 83337 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11105675 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 150752 bytes

Total Files Cleaned = 687,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11012011_105508

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
So, what now?

Alt 01.11.2011, 12:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 02.11.2011, 15:12   #11
Karry

Doesn't seem to have found anything:

Quote:
15:08:44.0449 0680 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
15:08:44.0652 0680 ============================================================
15:08:44.0652 0680 Current date / time: 2011/11/02 15:08:44.0652
15:08:44.0652 0680 SystemInfo:
15:08:44.0652 0680
15:08:44.0776 0680 OS Version: 6.1.7601 ServicePack: 1.0
15:08:44.0776 0680 Product type: Workstation
15:08:44.0776 0680 ComputerName: ***
15:08:44.0776 0680 UserName: ***
15:08:44.0776 0680 Windows directory: C:\Windows
15:08:44.0776 0680 System windows directory: C:\Windows
15:08:44.0776 0680 Running under WOW64
15:08:44.0776 0680 Processor architecture: Intel x64
15:08:44.0776 0680 Number of processors: 4
15:08:44.0776 0680 Page size: 0x1000
15:08:44.0776 0680 Boot type: Normal boot
15:08:44.0776 0680 ============================================================
15:08:45.0338 0680 Initialize success
15:09:26.0179 1400 ============================================================
15:09:26.0179 1400 Scan started
15:09:26.0179 1400 Mode: Manual; SigCheck; TDLFS;
15:09:26.0179 1400 ============================================================
15:09:26.0772 1400 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:09:26.0865 1400 1394ohci - ok
15:09:26.0896 1400 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:09:26.0912 1400 ACPI - ok
15:09:26.0928 1400 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:09:26.0990 1400 AcpiPmi - ok
15:09:27.0037 1400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:09:27.0068 1400 adp94xx - ok
15:09:27.0084 1400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:09:27.0099 1400 adpahci - ok
15:09:27.0115 1400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:09:27.0130 1400 adpu320 - ok
15:09:27.0177 1400 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:09:27.0240 1400 AFD - ok
15:09:27.0271 1400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:09:27.0302 1400 agp440 - ok
15:09:27.0333 1400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:09:27.0349 1400 aliide - ok
15:09:27.0396 1400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:09:27.0411 1400 amdide - ok
15:09:27.0458 1400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:09:27.0520 1400 AmdK8 - ok
15:09:27.0536 1400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:09:27.0567 1400 AmdPPM - ok
15:09:27.0614 1400 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:09:27.0630 1400 amdsata - ok
15:09:27.0661 1400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:09:27.0676 1400 amdsbs - ok
15:09:27.0708 1400 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:09:27.0723 1400 amdxata - ok
15:09:27.0786 1400 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:09:27.0957 1400 AppID - ok
15:09:27.0988 1400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:09:28.0004 1400 arc - ok
15:09:28.0004 1400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:09:28.0020 1400 arcsas - ok
15:09:28.0066 1400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:09:28.0191 1400 AsyncMac - ok
15:09:28.0222 1400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:09:28.0238 1400 atapi - ok
15:09:28.0285 1400 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
15:09:28.0316 1400 AtiHdmiService - ok
15:09:28.0425 1400 atikmdag (dbfadf1a452484a3d0e069866e26cc43) C:\Windows\system32\DRIVERS\atikmdag.sys
15:09:28.0690 1400 atikmdag - ok
15:09:28.0768 1400 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
15:09:28.0800 1400 avgntflt - ok
15:09:28.0878 1400 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
15:09:28.0893 1400 avipbb - ok
15:09:28.0909 1400 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:09:28.0924 1400 avkmgr - ok
15:09:29.0002 1400 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:09:29.0080 1400 b06bdrv - ok
15:09:29.0112 1400 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:09:29.0174 1400 b57nd60a - ok
15:09:29.0205 1400 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:09:29.0299 1400 Beep - ok
15:09:29.0346 1400 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:09:29.0361 1400 blbdrive - ok
15:09:29.0392 1400 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:09:29.0408 1400 bowser - ok
15:09:29.0424 1400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:09:29.0486 1400 BrFiltLo - ok
15:09:29.0486 1400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:09:29.0502 1400 BrFiltUp - ok
15:09:29.0517 1400 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:09:29.0580 1400 Brserid - ok
15:09:29.0580 1400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:09:29.0611 1400 BrSerWdm - ok
15:09:29.0611 1400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:09:29.0642 1400 BrUsbMdm - ok
15:09:29.0658 1400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:09:29.0689 1400 BrUsbSer - ok
15:09:29.0689 1400 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:09:29.0736 1400 BTHMODEM - ok
15:09:29.0767 1400 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:09:29.0798 1400 cdfs - ok
15:09:29.0876 1400 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:09:29.0938 1400 cdrom - ok
15:09:29.0970 1400 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:09:30.0016 1400 circlass - ok
15:09:30.0063 1400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:09:30.0079 1400 CLFS - ok
15:09:30.0094 1400 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:09:30.0110 1400 CmBatt - ok
15:09:30.0126 1400 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:09:30.0141 1400 cmdide - ok
15:09:30.0172 1400 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:09:30.0219 1400 CNG - ok
15:09:30.0219 1400 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:09:30.0235 1400 Compbatt - ok
15:09:30.0266 1400 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:09:30.0297 1400 CompositeBus - ok
15:09:30.0313 1400 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:09:30.0328 1400 crcdisk - ok
15:09:30.0375 1400 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:09:30.0438 1400 DfsC - ok
15:09:30.0453 1400 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:09:30.0484 1400 discache - ok
15:09:30.0516 1400 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:09:30.0516 1400 Disk - ok
15:09:30.0547 1400 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:09:30.0562 1400 drmkaud - ok
15:09:30.0625 1400 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:09:30.0656 1400 DXGKrnl - ok
15:09:30.0703 1400 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
15:09:30.0718 1400 e1kexpress - ok
15:09:30.0796 1400 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:09:30.0937 1400 ebdrv - ok
15:09:30.0968 1400 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:09:30.0999 1400 elxstor - ok
15:09:31.0030 1400 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:09:31.0062 1400 ErrDev - ok
15:09:31.0093 1400 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:09:31.0155 1400 exfat - ok
15:09:31.0186 1400 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:09:31.0218 1400 fastfat - ok
15:09:31.0233 1400 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:09:31.0264 1400 fdc - ok
15:09:31.0296 1400 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:09:31.0296 1400 FileInfo - ok
15:09:31.0311 1400 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:09:31.0358 1400 Filetrace - ok
15:09:31.0358 1400 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:09:31.0374 1400 flpydisk - ok
15:09:31.0420 1400 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:09:31.0452 1400 FltMgr - ok
15:09:31.0467 1400 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:09:31.0483 1400 FsDepends - ok
15:09:31.0498 1400 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:09:31.0514 1400 Fs_Rec - ok
15:09:31.0545 1400 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:09:31.0561 1400 fvevol - ok
15:09:31.0576 1400 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:09:31.0592 1400 gagp30kx - ok
15:09:31.0608 1400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:09:31.0654 1400 hcw85cir - ok
15:09:31.0686 1400 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:09:31.0717 1400 HdAudAddService - ok
15:09:31.0732 1400 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:09:31.0748 1400 HDAudBus - ok
15:09:31.0795 1400 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:09:31.0810 1400 HECIx64 - ok
15:09:31.0826 1400 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:09:31.0842 1400 HidBatt - ok
15:09:31.0842 1400 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:09:31.0873 1400 HidBth - ok
15:09:31.0888 1400 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:09:31.0904 1400 HidIr - ok
15:09:31.0951 1400 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:09:31.0966 1400 HidUsb - ok
15:09:31.0982 1400 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:09:31.0998 1400 HpSAMD - ok
15:09:32.0044 1400 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:09:32.0091 1400 HTTP - ok
15:09:32.0122 1400 hwdatacard - ok
15:09:32.0154 1400 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:09:32.0154 1400 hwpolicy - ok
15:09:32.0185 1400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:09:32.0216 1400 i8042prt - ok
15:09:32.0247 1400 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
15:09:32.0263 1400 iaStor - ok
15:09:32.0278 1400 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:09:32.0310 1400 iaStorV - ok
15:09:32.0341 1400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:09:32.0341 1400 iirsp - ok
15:09:32.0403 1400 IntcAzAudAddService (d2356ebe25781b2fb61687e4d07ed188) C:\Windows\system32\drivers\RTKVHD64.sys
15:09:32.0481 1400 IntcAzAudAddService - ok
15:09:32.0512 1400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:09:32.0512 1400 intelide - ok
15:09:32.0544 1400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:09:32.0575 1400 intelppm - ok
15:09:32.0606 1400 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:09:32.0653 1400 IpFilterDriver - ok
15:09:32.0668 1400 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:09:32.0700 1400 IPMIDRV - ok
15:09:32.0715 1400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:09:32.0762 1400 IPNAT - ok
15:09:32.0778 1400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:09:32.0809 1400 IRENUM - ok
15:09:32.0824 1400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:09:32.0840 1400 isapnp - ok
15:09:32.0856 1400 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:09:32.0871 1400 iScsiPrt - ok
15:09:32.0902 1400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:09:32.0902 1400 kbdclass - ok
15:09:32.0934 1400 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:09:32.0965 1400 kbdhid - ok
15:09:33.0012 1400 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:09:33.0027 1400 KSecDD - ok
15:09:33.0058 1400 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:09:33.0090 1400 KSecPkg - ok
15:09:33.0105 1400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:09:33.0168 1400 ksthunk - ok
15:09:33.0214 1400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:09:33.0292 1400 lltdio - ok
15:09:33.0339 1400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:09:33.0370 1400 LSI_FC - ok
15:09:33.0370 1400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:09:33.0402 1400 LSI_SAS - ok
15:09:33.0402 1400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:09:33.0417 1400 LSI_SAS2 - ok
15:09:33.0433 1400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:09:33.0433 1400 LSI_SCSI - ok
15:09:33.0464 1400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:09:33.0511 1400 luafv - ok
15:09:33.0526 1400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:09:33.0526 1400 megasas - ok
15:09:33.0542 1400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:09:33.0558 1400 MegaSR - ok
15:09:33.0573 1400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:09:33.0620 1400 Modem - ok
15:09:33.0667 1400 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:09:33.0682 1400 monitor - ok
15:09:33.0714 1400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:09:33.0714 1400 mouclass - ok
15:09:33.0729 1400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:09:33.0776 1400 mouhid - ok
15:09:33.0807 1400 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:09:33.0823 1400 mountmgr - ok
15:09:33.0854 1400 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:09:33.0885 1400 mpio - ok
15:09:33.0901 1400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:09:33.0963 1400 mpsdrv - ok
15:09:33.0994 1400 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:09:34.0041 1400 MRxDAV - ok
15:09:34.0057 1400 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:09:34.0104 1400 mrxsmb - ok
15:09:34.0150 1400 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:09:34.0182 1400 mrxsmb10 - ok
15:09:34.0213 1400 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:09:34.0228 1400 mrxsmb20 - ok
15:09:34.0275 1400 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:09:34.0291 1400 msahci - ok
15:09:34.0322 1400 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:09:34.0338 1400 msdsm - ok
15:09:34.0369 1400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:09:34.0400 1400 Msfs - ok
15:09:34.0416 1400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:09:34.0462 1400 mshidkmdf - ok
15:09:34.0478 1400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:09:34.0478 1400 msisadrv - ok
15:09:34.0509 1400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:09:34.0540 1400 MSKSSRV - ok
15:09:34.0556 1400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:09:34.0587 1400 MSPCLOCK - ok
15:09:34.0603 1400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:09:34.0634 1400 MSPQM - ok
15:09:34.0665 1400 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:09:34.0681 1400 MsRPC - ok
15:09:34.0712 1400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:09:34.0712 1400 mssmbios - ok
15:09:34.0712 1400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:09:34.0759 1400 MSTEE - ok
15:09:34.0774 1400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:09:34.0806 1400 MTConfig - ok
15:09:34.0821 1400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:09:34.0837 1400 Mup - ok
15:09:34.0868 1400 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:09:34.0884 1400 mwlPSDFilter - ok
15:09:34.0899 1400 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:09:34.0915 1400 mwlPSDNServ - ok
15:09:34.0946 1400 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:09:34.0962 1400 mwlPSDVDisk - ok
15:09:34.0993 1400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:09:35.0055 1400 NativeWifiP - ok
15:09:35.0102 1400 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:09:35.0133 1400 NDIS - ok
15:09:35.0149 1400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:09:35.0180 1400 NdisCap - ok
15:09:35.0196 1400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:09:35.0242 1400 NdisTapi - ok
15:09:35.0274 1400 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:09:35.0320 1400 Ndisuio - ok
15:09:35.0367 1400 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:09:35.0414 1400 NdisWan - ok
15:09:35.0461 1400 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:09:35.0508 1400 NDProxy - ok
15:09:35.0539 1400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:09:35.0601 1400 NetBIOS - ok
15:09:35.0648 1400 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:09:35.0695 1400 NetBT - ok
15:09:35.0757 1400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:09:35.0773 1400 nfrd960 - ok
15:09:35.0820 1400 nmwcd (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
15:09:35.0882 1400 nmwcd - ok
15:09:35.0913 1400 nmwcdc (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
15:09:35.0960 1400 nmwcdc - ok
15:09:35.0991 1400 nmwcdnsucx64 (863aa6c58ac85a22355ae943c605e44b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:09:36.0022 1400 nmwcdnsucx64 - ok
15:09:36.0038 1400 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys
15:09:36.0085 1400 nmwcdnsux64 - ok
15:09:36.0132 1400 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
15:09:36.0147 1400 NPF - ok
15:09:36.0178 1400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:09:36.0241 1400 Npfs - ok
15:09:36.0272 1400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:09:36.0319 1400 nsiproxy - ok
15:09:36.0397 1400 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:09:36.0475 1400 Ntfs - ok
15:09:36.0490 1400 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
15:09:36.0506 1400 NTIDrvr - ok
15:09:36.0522 1400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:09:36.0553 1400 Null - ok
15:09:36.0600 1400 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:09:36.0615 1400 nvraid - ok
15:09:36.0646 1400 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:09:36.0662 1400 nvstor - ok
15:09:36.0678 1400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:09:36.0693 1400 nv_agp - ok
15:09:36.0740 1400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:09:36.0771 1400 ohci1394 - ok
15:09:36.0802 1400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:09:36.0818 1400 Parport - ok
15:09:36.0849 1400 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:09:36.0865 1400 partmgr - ok
15:09:36.0927 1400 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:09:36.0990 1400 pccsmcfd - ok
15:09:37.0005 1400 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:09:37.0036 1400 pci - ok
15:09:37.0052 1400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:09:37.0068 1400 pciide - ok
15:09:37.0068 1400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:09:37.0083 1400 pcmcia - ok
15:09:37.0099 1400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:09:37.0114 1400 pcw - ok
15:09:37.0130 1400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:09:37.0192 1400 PEAUTH - ok
15:09:37.0239 1400 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:09:37.0286 1400 PptpMiniport - ok
15:09:37.0302 1400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:09:37.0317 1400 Processor - ok
15:09:37.0364 1400 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:09:37.0426 1400 Psched - ok
15:09:37.0473 1400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:09:37.0536 1400 ql2300 - ok
15:09:37.0536 1400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:09:37.0551 1400 ql40xx - ok
15:09:37.0567 1400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:09:37.0614 1400 QWAVEdrv - ok
15:09:37.0614 1400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:09:37.0660 1400 RasAcd - ok
15:09:37.0707 1400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:09:37.0754 1400 RasAgileVpn - ok
15:09:37.0801 1400 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:09:37.0832 1400 Rasl2tp - ok
15:09:37.0848 1400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:09:37.0910 1400 RasPppoe - ok
15:09:37.0941 1400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:09:37.0972 1400 RasSstp - ok
15:09:38.0004 1400 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:09:38.0035 1400 rdbss - ok
15:09:38.0050 1400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:09:38.0066 1400 rdpbus - ok
15:09:38.0082 1400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:09:38.0128 1400 RDPCDD - ok
15:09:38.0144 1400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:09:38.0191 1400 RDPENCDD - ok
15:09:38.0206 1400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:09:38.0238 1400 RDPREFMP - ok
15:09:38.0253 1400 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:09:38.0300 1400 RDPWD - ok
15:09:38.0331 1400 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:09:38.0362 1400 rdyboost - ok
15:09:38.0409 1400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:09:38.0503 1400 rspndr - ok
15:09:38.0518 1400 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:09:38.0534 1400 sbp2port - ok
15:09:38.0581 1400 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:09:38.0628 1400 scfilter - ok
15:09:38.0643 1400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:09:38.0690 1400 secdrv - ok
15:09:38.0706 1400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:09:38.0721 1400 Serenum - ok
15:09:38.0721 1400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:09:38.0752 1400 Serial - ok
15:09:38.0784 1400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:09:38.0815 1400 sermouse - ok
15:09:38.0877 1400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:09:38.0924 1400 sffdisk - ok
15:09:38.0940 1400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:09:38.0986 1400 sffp_mmc - ok
15:09:38.0986 1400 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:09:39.0018 1400 sffp_sd - ok
15:09:39.0018 1400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:09:39.0049 1400 sfloppy - ok
15:09:39.0064 1400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:09:39.0064 1400 SiSRaid2 - ok
15:09:39.0080 1400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:09:39.0096 1400 SiSRaid4 - ok
15:09:39.0111 1400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:09:39.0158 1400 Smb - ok
15:09:39.0174 1400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:09:39.0189 1400 spldr - ok
15:09:39.0220 1400 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:09:39.0252 1400 srv - ok
15:09:39.0267 1400 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:09:39.0283 1400 srv2 - ok
15:09:39.0298 1400 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:09:39.0330 1400 srvnet - ok
15:09:39.0361 1400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:09:39.0361 1400 stexstor - ok
15:09:39.0392 1400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:09:39.0408 1400 swenum - ok
15:09:39.0470 1400 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:09:39.0564 1400 Tcpip - ok
15:09:39.0595 1400 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:09:39.0626 1400 TCPIP6 - ok
15:09:39.0657 1400 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:09:39.0735 1400 tcpipreg - ok
15:09:39.0751 1400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:09:39.0798 1400 TDPIPE - ok
15:09:39.0813 1400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:09:39.0844 1400 TDTCP - ok
15:09:39.0891 1400 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:09:39.0954 1400 tdx - ok
15:09:39.0985 1400 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:09:39.0985 1400 TermDD - ok
15:09:40.0032 1400 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:09:40.0078 1400 tssecsrv - ok
15:09:40.0110 1400 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:09:40.0141 1400 TsUsbFlt - ok
15:09:40.0156 1400 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:09:40.0203 1400 tunnel - ok
15:09:40.0219 1400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:09:40.0219 1400 uagp35 - ok
15:09:40.0266 1400 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
15:09:40.0266 1400 UBHelper - ok
15:09:40.0297 1400 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:09:40.0359 1400 udfs - ok
15:09:40.0390 1400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:09:40.0406 1400 uliagpkx - ok
15:09:40.0437 1400 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:09:40.0469 1400 umbus - ok
15:09:40.0484 1400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:09:40.0515 1400 UmPass - ok
15:09:40.0547 1400 upperdev (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:09:40.0578 1400 upperdev - ok
15:09:40.0609 1400 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
15:09:40.0640 1400 usbccgp - ok
15:09:40.0656 1400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:09:40.0687 1400 usbcir - ok
15:09:40.0687 1400 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
15:09:40.0718 1400 usbehci - ok
15:09:40.0734 1400 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
15:09:40.0749 1400 usbhub - ok
15:09:40.0781 1400 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
15:09:40.0781 1400 usbohci - ok
15:09:40.0812 1400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:09:40.0827 1400 usbprint - ok
15:09:40.0843 1400 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:09:40.0890 1400 usbscan - ok
15:09:40.0921 1400 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:09:40.0952 1400 usbser - ok
15:09:40.0999 1400 UsbserFilt (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:09:41.0030 1400 UsbserFilt - ok
15:09:41.0061 1400 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:09:41.0093 1400 USBSTOR - ok
15:09:41.0108 1400 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
15:09:41.0139 1400 usbuhci - ok
15:09:41.0171 1400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:09:41.0186 1400 vdrvroot - ok
15:09:41.0217 1400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:09:41.0233 1400 vga - ok
15:09:41.0249 1400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:09:41.0295 1400 VgaSave - ok
15:09:41.0311 1400 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:09:41.0327 1400 vhdmp - ok
15:09:41.0373 1400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:09:41.0373 1400 viaide - ok
15:09:41.0389 1400 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:09:41.0389 1400 volmgr - ok
15:09:41.0420 1400 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:09:41.0436 1400 volmgrx - ok
15:09:41.0451 1400 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:09:41.0467 1400 volsnap - ok
15:09:41.0529 1400 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
15:09:41.0545 1400 vpnva - ok
15:09:41.0561 1400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:09:41.0576 1400 vsmraid - ok
15:09:41.0592 1400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:09:41.0607 1400 vwifibus - ok
15:09:41.0607 1400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:09:41.0623 1400 WacomPen - ok
15:09:41.0654 1400 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:09:41.0701 1400 WANARP - ok
15:09:41.0717 1400 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:09:41.0732 1400 Wanarpv6 - ok
15:09:41.0763 1400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:09:41.0763 1400 Wd - ok
15:09:41.0795 1400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:09:41.0826 1400 Wdf01000 - ok
15:09:41.0841 1400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:09:41.0873 1400 WfpLwf - ok
15:09:41.0873 1400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:09:41.0888 1400 WIMMount - ok
15:09:41.0935 1400 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:09:41.0966 1400 WinUsb - ok
15:09:41.0997 1400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:09:42.0013 1400 WmiAcpi - ok
15:09:42.0029 1400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:09:42.0075 1400 ws2ifsl - ok
15:09:42.0122 1400 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:09:42.0185 1400 WudfPf - ok
15:09:42.0200 1400 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:09:42.0247 1400 WUDFRd - ok
15:09:42.0263 1400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:09:42.0356 1400 \Device\Harddisk0\DR0 - ok
15:09:42.0372 1400 Boot (0x1200) (b57f793d31ccf623b804a8d8d8da0edc) \Device\Harddisk0\DR0\Partition0
15:09:42.0372 1400 \Device\Harddisk0\DR0\Partition0 - ok
15:09:42.0387 1400 Boot (0x1200) (7022a5450dc7888f8d4b602c4c83f4c5) \Device\Harddisk0\DR0\Partition1
15:09:42.0387 1400 \Device\Harddisk0\DR0\Partition1 - ok
15:09:42.0403 1400 Boot (0x1200) (547d1a14fb16fe5ea2f45c9d5ff709c2) \Device\Harddisk0\DR0\Partition2
15:09:42.0403 1400 \Device\Harddisk0\DR0\Partition2 - ok
15:09:42.0403 1400 ============================================================
15:09:42.0403 1400 Scan finished
15:09:42.0403 1400 ============================================================
15:09:42.0419 3356 Detected object count: 0
15:09:42.0419 3356 Actual detected object count: 0

02.11.2011, 15:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

02.11.2011, 16:43   #13
Karry



Combofix Logfile:
Code:
ComboFix 11-11-02.01 - *** 02.11.2011  16:11:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2810 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\.#\MBX@840@2062770.###
c:\users\***\AppData\Roaming\.#\MBX@840@20627A0.###
c:\users\***\AppData\Roaming\.#\MBX@EBC@2B2770.###
c:\users\***\AppData\Roaming\.#\MBX@EBC@2B27A0.###
c:\users\***\AppData\Roaming\.#\MBX@ECC@1F12770.###
c:\users\***\AppData\Roaming\.#\MBX@ECC@1F127A0.###
c:\users\***\AppData\Roaming\.#\MBX@EF4@2052770.###
c:\users\***\AppData\Roaming\.#\MBX@EF4@20527A0.###
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-02 bis 2011-11-02  ))))))))))))))))))))))))))))))
.
.
2011-11-02 14:08 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{54F90B6E-3592-4036-92F4-E8C01A435CDD}\mpengine.dll
2011-11-01 10:54 . 2011-11-01 10:54	--------	d-----w-	c:\users\***\AppData\Roaming\Publish Providers
2011-11-01 10:51 . 2011-11-01 10:51	--------	d-----w-	c:\users\***\AppData\Local\Sony
2011-11-01 10:50 . 2011-11-01 10:54	--------	d-----w-	c:\users\***\AppData\Roaming\Sony
2011-11-01 09:55 . 2011-11-01 09:55	--------	d-----w-	C:\_OTL
2011-10-30 19:21 . 2011-10-30 19:21	--------	d-----w-	c:\program files (x86)\ESET
2011-10-25 16:43 . 2011-10-25 16:43	--------	d-----w-	c:\users\***\AppData\Roaming\Nokia
2011-10-16 19:07 . 2011-10-16 19:07	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2011-10-16 19:07 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-16 19:07 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-16 19:07 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-16 19:07 . 2011-10-16 19:07	--------	d-----w-	c:\programdata\Avira
2011-10-16 19:07 . 2011-10-16 19:07	--------	d-----w-	c:\program files (x86)\Avira
2011-10-13 10:37 . 2011-10-13 10:37	--------	d-----w-	c:\users\***\AppData\Local\DDMSettings
2011-10-13 10:20 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-13 10:20 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-13 10:20 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-13 10:20 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-13 10:20 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-13 10:18 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-13 10:18 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-13 10:18 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-13 10:18 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 18:43 . 2011-05-24 10:58	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2011-04-17 16:13	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
R4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lif7zaww.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477} - c:\program files (x86)\Acer GameZone\Merriam Websters Spell Jam\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-02  16:19:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-02 15:19
.
Vor Suchlauf: 11 Verzeichnis(se), 445.415.002.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 444.671.488.000 Bytes frei
.
- - End Of File - - 10F94524A634BD5681E1155F69C74766
         
--- --- ---

02.11.2011, 19:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to your desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

08.11.2011, 18:10   #15
Karry



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 17:42:26
-----------------------------
17:42:26.363 OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:26.363 Number of processors: 4 586 0x2502
17:42:26.363 ComputerName: *** UserName: ***
17:42:27.175 Initialize success
17:52:13.039 AVAST engine defs: 11110801
18:02:18.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:02:18.453 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
18:02:18.468 Disk 0 MBR read successfully
18:02:18.468 Disk 0 MBR scan
18:02:18.484 Disk 0 Windows 7 default MBR code
18:02:18.500 Service scanning
18:02:21.900 Modules scanning
18:02:21.900 Disk 0 trace - called modules:
18:02:21.916 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:02:21.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9a060]
18:02:21.932 3 CLASSPNP.SYS[fffff88001bc743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f7050]
18:02:23.289 AVAST engine scan C:\Windows
18:02:27.532 AVAST engine scan C:\Windows\system32
18:03:55.610 AVAST engine scan C:\Windows\system32\drivers
18:04:04.143 AVAST engine scan C:\Users\***
18:05:47.493 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:05:47.493 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-08 17:42:26
-----------------------------
17:42:26.363 OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:26.363 Number of processors: 4 586 0x2502
17:42:26.363 ComputerName: *** UserName: ***
17:42:27.175 Initialize success
17:52:13.039 AVAST engine defs: 11110801
18:02:18.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:02:18.453 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
18:02:18.468 Disk 0 MBR read successfully
18:02:18.468 Disk 0 MBR scan
18:02:18.484 Disk 0 Windows 7 default MBR code
18:02:18.500 Service scanning
18:02:21.900 Modules scanning
18:02:21.900 Disk 0 trace - called modules:
18:02:21.916 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:02:21.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9a060]
18:02:21.932 3 CLASSPNP.SYS[fffff88001bc743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f7050]
18:02:23.289 AVAST engine scan C:\Windows
18:02:27.532 AVAST engine scan C:\Windows\system32
18:03:55.610 AVAST engine scan C:\Windows\system32\drivers
18:04:04.143 AVAST engine scan C:\Users\***
18:05:47.493 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:05:47.493 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
18:06:07.209 AVAST engine scan C:\ProgramData
18:06:42.231 Scan finished successfully
18:07:49.654 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
18:07:49.670 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
