| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer öffnet unaufgefordert Seiten und komischer Virus gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.10.2012, 21:42
| #1 |
 |  Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Hallo Community, natürlich habe ich mich vorher über mein Problem im Internet informiert, fand mit meinen Stichpunkten aber nicht wirklich eine Antwort. Deswegen schildere ich mein Problem nun hier: Wenn ich mit meinem Laptop, Acer Aspire 7738G, ins Internet gehe und die Website "Google" besuche, dort beispielsweise "Wikipedia" oder irgendwas anderes eingebe, das Suchergebniss dann anklicke, öffnet sich irgendeine Seite! Beim letzten mal war es bei einer Suche eine Seite mit Gartenstühlen oder Ebay... Da ich mich über das Problem wunderte, habe ich mir erstmal ein Antivirenprogramm installiert, in meinem Fall nun "AVIRA". ....damit auch zu Problem 2: Wenn ich im Internet surfe, meldet der AVIRA Echtzeitscanner dauernt den folgendes Virus: "C:\$Recycle.Bin\S-1-5-18\...\80000032.@" mit dem unerwünschten Programm namens "TR/ATRAPS.Gen2" Wenn ich dann auf "Entfernen" drücke, kommt die Meldung nach einigen Sekunden wieder... Was ist mit meinem Computer los? Was ist das für ein Virus und warum werden seltsame Internetseiten geöffnet? Ich bin sehr sehr dankbar für euer Hilfe, euer F4c3d0wn! Danke!   PS: Ich kenne ja vieles, aber bitte sagt mir genau was ich mache soll, den von Virenbekämpfung habe ich nicht viel Ahnung... Geändert von F4c3d0wn (07.10.2012 um 21:48 Uhr) Grund: Das fehlte noch ;) |
|
08.10.2012, 06:48
| #2 |
| /// Malwareteam    |  Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Du hast das so genannte ZeroAccess-Rootkit am System. Welches Betriebssystem läuft? Bitte auch angeben, ob 32- oder 64bit!
__________________ |
|
08.10.2012, 12:42
| #3 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Danke Marius, dass du mir hilftst!!! Mein Name ist übrigens Jonas.
__________________Ich habe mir deine Schritte oben 1-7 durchgelesen, verstehe aber keine Aufforderung. Was soll ich nun machen? Ich habe ein 64-Bit Betriebsystem, Ccleaner ist auch schon vorhanden. |
|
08.10.2012, 12:46
| #4 |
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Schritt 1: OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Schritt 2: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 3: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
08.10.2012, 16:55
| #5 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Das Ergebnis (Report) vom TDSSKiller: 17:52:36.0922 3380 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 17:52:37.0181 3380 ============================================================ 17:52:37.0181 3380 Current date / time: 2012/10/08 17:52:37.0181 17:52:37.0181 3380 SystemInfo: 17:52:37.0181 3380 17:52:37.0181 3380 OS Version: 6.1.7601 ServicePack: 1.0 17:52:37.0181 3380 Product type: Workstation 17:52:37.0181 3380 ComputerName: JONAS-PC 17:52:37.0181 3380 UserName: Jonas 17:52:37.0181 3380 Windows directory: C:\Windows 17:52:37.0181 3380 System windows directory: C:\Windows 17:52:37.0181 3380 Running under WOW64 17:52:37.0181 3380 Processor architecture: Intel x64 17:52:37.0181 3380 Number of processors: 2 17:52:37.0181 3380 Page size: 0x1000 17:52:37.0181 3380 Boot type: Normal boot 17:52:37.0181 3380 ============================================================ 17:52:40.0290 3380 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:52:40.0374 3380 ============================================================ 17:52:40.0374 3380 \Device\Harddisk0\DR0: 17:52:40.0375 3380 MBR partitions: 17:52:40.0375 3380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E70800, BlocksNum 0x32000 17:52:40.0398 3380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EA3000, BlocksNum 0x1FF97670 17:52:40.0484 3380 ============================================================ 17:52:40.0588 3380 C: <-> \Device\Harddisk0\DR0\Partition2 17:52:40.0649 3380 D: <-> \Device\Harddisk0\DR0\Partition1 17:52:40.0650 3380 ============================================================ 17:52:40.0650 3380 Initialize success 17:52:40.0650 3380 ============================================================ 17:52:47.0125 5104 ============================================================ 17:52:47.0126 5104 Scan started 17:52:47.0126 5104 Mode: Manual; 17:52:47.0126 5104 ============================================================ 17:52:48.0171 5104 ================ Scan system memory ======================== 17:52:48.0171 5104 System memory - ok 17:52:48.0172 5104 ================ Scan services ============================= 17:52:48.0556 5104 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:52:48.0559 5104 1394ohci - ok 17:52:48.0646 5104 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:52:48.0650 5104 ACPI - ok 17:52:48.0714 5104 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:52:48.0714 5104 AcpiPmi - ok 17:52:48.0941 5104 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:52:48.0942 5104 AdobeARMservice - ok 17:52:49.0199 5104 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:52:49.0202 5104 AdobeFlashPlayerUpdateSvc - ok 17:52:49.0290 5104 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:52:49.0296 5104 adp94xx - ok 17:52:49.0397 5104 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:52:49.0401 5104 adpahci - ok 17:52:49.0487 5104 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:52:49.0489 5104 adpu320 - ok 17:52:49.0540 5104 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:52:49.0541 5104 AeLookupSvc - ok 17:52:49.0624 5104 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:52:49.0630 5104 AFD - ok 17:52:49.0713 5104 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 17:52:49.0735 5104 AgereSoftModem - ok 17:52:49.0847 5104 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:52:49.0848 5104 agp440 - ok 17:52:49.0914 5104 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:52:49.0916 5104 ALG - ok 17:52:49.0958 5104 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 17:52:49.0958 5104 aliide - ok 17:52:49.0991 5104 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 17:52:49.0991 5104 amdide - ok 17:52:50.0072 5104 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:52:50.0072 5104 AmdK8 - ok 17:52:50.0090 5104 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 17:52:50.0091 5104 AmdPPM - ok 17:52:50.0151 5104 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:52:50.0152 5104 amdsata - ok 17:52:50.0237 5104 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 17:52:50.0240 5104 amdsbs - ok 17:52:50.0297 5104 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:52:50.0297 5104 amdxata - ok 17:52:50.0856 5104 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:52:50.0857 5104 AntiVirSchedulerService - ok 17:52:50.0950 5104 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:52:50.0951 5104 AntiVirService - ok 17:52:51.0126 5104 [ 596FE09BAE862BF29220FC94075ED1CE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 17:52:51.0130 5104 AntiVirWebService - ok 17:52:51.0223 5104 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 17:52:51.0224 5104 AppID - ok 17:52:51.0282 5104 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:52:51.0283 5104 AppIDSvc - ok 17:52:51.0372 5104 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 17:52:51.0373 5104 Appinfo - ok 17:52:51.0473 5104 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:52:51.0474 5104 Apple Mobile Device - ok 17:52:51.0552 5104 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 17:52:51.0553 5104 arc - ok 17:52:51.0610 5104 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:52:51.0611 5104 arcsas - ok 17:52:51.0649 5104 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:52:51.0650 5104 AsyncMac - ok 17:52:51.0662 5104 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 17:52:51.0662 5104 atapi - ok 17:52:52.0064 5104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:52:52.0133 5104 AudioEndpointBuilder - ok 17:52:52.0149 5104 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:52:52.0154 5104 AudioSrv - ok 17:52:52.0194 5104 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:52:52.0195 5104 avgntflt - ok 17:52:52.0254 5104 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:52:52.0255 5104 avipbb - ok 17:52:52.0287 5104 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:52:52.0288 5104 avkmgr - ok 17:52:52.0363 5104 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:52:52.0365 5104 AxInstSV - ok 17:52:52.0518 5104 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 17:52:52.0523 5104 b06bdrv - ok 17:52:52.0610 5104 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:52:52.0613 5104 b57nd60a - ok 17:52:52.0714 5104 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:52:52.0715 5104 BDESVC - ok 17:52:52.0728 5104 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:52:52.0729 5104 Beep - ok 17:52:52.0770 5104 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:52:52.0771 5104 blbdrive - ok 17:52:52.0899 5104 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:52:52.0903 5104 Bonjour Service - ok 17:52:52.0968 5104 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:52:52.0969 5104 bowser - ok 17:52:53.0067 5104 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 17:52:53.0068 5104 BrFiltLo - ok 17:52:53.0091 5104 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 17:52:53.0092 5104 BrFiltUp - ok 17:52:53.0187 5104 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:52:53.0189 5104 Browser - ok 17:52:53.0493 5104 [ 0E39DB25920F7952C72A524565CCBAA6 ] Browser Manager C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe 17:52:53.0548 5104 Browser Manager - ok 17:52:53.0671 5104 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:52:53.0674 5104 Brserid - ok 17:52:53.0731 5104 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:52:53.0732 5104 BrSerWdm - ok 17:52:53.0778 5104 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:52:53.0778 5104 BrUsbMdm - ok 17:52:53.0841 5104 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:52:53.0841 5104 BrUsbSer - ok 17:52:53.0883 5104 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:52:53.0884 5104 BTHMODEM - ok 17:52:53.0999 5104 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:52:54.0000 5104 bthserv - ok 17:52:54.0017 5104 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:52:54.0018 5104 cdfs - ok 17:52:54.0090 5104 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:52:54.0092 5104 cdrom - ok 17:52:54.0175 5104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:52:54.0176 5104 CertPropSvc - ok 17:52:54.0228 5104 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 17:52:54.0228 5104 circlass - ok 17:52:54.0270 5104 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:52:54.0274 5104 CLFS - ok 17:52:54.0505 5104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:52:54.0507 5104 clr_optimization_v2.0.50727_32 - ok 17:52:54.0655 5104 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:52:54.0657 5104 clr_optimization_v2.0.50727_64 - ok 17:52:54.0834 5104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:52:54.0879 5104 clr_optimization_v4.0.30319_32 - ok 17:52:54.0986 5104 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:52:54.0988 5104 clr_optimization_v4.0.30319_64 - ok 17:52:55.0043 5104 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:52:55.0043 5104 CmBatt - ok 17:52:55.0067 5104 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:52:55.0068 5104 cmdide - ok 17:52:55.0124 5104 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:52:55.0130 5104 CNG - ok 17:52:55.0200 5104 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:52:55.0200 5104 Compbatt - ok 17:52:55.0248 5104 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:52:55.0249 5104 CompositeBus - ok 17:52:55.0282 5104 COMSysApp - ok 17:52:55.0311 5104 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:52:55.0311 5104 crcdisk - ok 17:52:55.0408 5104 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:52:55.0410 5104 CryptSvc - ok 17:52:55.0526 5104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:52:55.0533 5104 DcomLaunch - ok 17:52:55.0664 5104 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:52:55.0668 5104 defragsvc - ok 17:52:55.0726 5104 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:52:55.0728 5104 DfsC - ok 17:52:55.0824 5104 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:52:55.0828 5104 Dhcp - ok 17:52:55.0901 5104 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:52:55.0903 5104 discache - ok 17:52:55.0965 5104 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 17:52:55.0966 5104 Disk - ok 17:52:56.0075 5104 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:52:56.0078 5104 Dnscache - ok 17:52:56.0133 5104 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:52:56.0136 5104 dot3svc - ok 17:52:56.0148 5104 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:52:56.0150 5104 DPS - ok 17:52:56.0180 5104 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:52:56.0181 5104 drmkaud - ok 17:52:56.0286 5104 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:52:56.0288 5104 dtsoftbus01 - ok 17:52:56.0360 5104 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:52:56.0367 5104 DXGKrnl - ok 17:52:56.0418 5104 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:52:56.0420 5104 EapHost - ok 17:52:56.0807 5104 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 17:52:56.0907 5104 ebdrv - ok 17:52:56.0966 5104 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:52:56.0968 5104 EFS - ok 17:52:57.0077 5104 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:52:57.0085 5104 ehRecvr - ok 17:52:57.0116 5104 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:52:57.0117 5104 ehSched - ok 17:52:57.0446 5104 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:52:57.0451 5104 elxstor - ok 17:52:57.0458 5104 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:52:57.0458 5104 ErrDev - ok 17:52:57.0540 5104 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:52:57.0545 5104 EventSystem - ok 17:52:57.0625 5104 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:52:57.0626 5104 exfat - ok 17:52:57.0686 5104 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:52:57.0688 5104 fastfat - ok 17:52:57.0814 5104 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:52:57.0821 5104 Fax - ok 17:52:57.0842 5104 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 17:52:57.0843 5104 fdc - ok 17:52:57.0871 5104 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:52:57.0873 5104 fdPHost - ok 17:52:57.0890 5104 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:52:57.0891 5104 FDResPub - ok 17:52:57.0920 5104 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:52:57.0921 5104 FileInfo - ok 17:52:57.0959 5104 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:52:57.0960 5104 Filetrace - ok 17:52:58.0032 5104 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 17:52:58.0032 5104 flpydisk - ok 17:52:58.0108 5104 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:52:58.0111 5104 FltMgr - ok 17:52:58.0191 5104 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:52:58.0213 5104 FontCache - ok 17:52:58.0317 5104 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:52:58.0318 5104 FontCache3.0.0.0 - ok 17:52:58.0356 5104 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:52:58.0357 5104 FsDepends - ok 17:52:58.0423 5104 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:52:58.0424 5104 Fs_Rec - ok 17:52:58.0507 5104 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:52:58.0509 5104 fvevol - ok 17:52:58.0543 5104 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:52:58.0544 5104 gagp30kx - ok 17:52:58.0608 5104 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:52:58.0609 5104 GEARAspiWDM - ok 17:52:58.0668 5104 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:52:58.0677 5104 gpsvc - ok 17:52:58.0819 5104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:58.0820 5104 gupdate - ok 17:52:58.0832 5104 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:52:58.0833 5104 gupdatem - ok 17:52:58.0874 5104 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:52:58.0875 5104 hcw85cir - ok 17:52:58.0998 5104 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:52:59.0002 5104 HdAudAddService - ok 17:52:59.0027 5104 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:52:59.0028 5104 HDAudBus - ok 17:52:59.0053 5104 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 17:52:59.0054 5104 HidBatt - ok 17:52:59.0088 5104 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:52:59.0089 5104 HidBth - ok 17:52:59.0117 5104 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 17:52:59.0118 5104 HidIr - ok 17:52:59.0163 5104 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:52:59.0164 5104 hidserv - ok 17:52:59.0243 5104 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:52:59.0244 5104 HidUsb - ok 17:52:59.0301 5104 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:52:59.0303 5104 hkmsvc - ok 17:52:59.0422 5104 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:52:59.0426 5104 HomeGroupListener - ok 17:52:59.0473 5104 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:52:59.0477 5104 HomeGroupProvider - ok 17:52:59.0516 5104 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:52:59.0517 5104 HpSAMD - ok 17:52:59.0566 5104 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:52:59.0574 5104 HTTP - ok 17:52:59.0611 5104 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:52:59.0611 5104 hwpolicy - ok 17:52:59.0664 5104 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:52:59.0665 5104 i8042prt - ok 17:52:59.0803 5104 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:52:59.0808 5104 iaStorV - ok 17:52:59.0981 5104 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:52:59.0982 5104 IDriverT - ok 17:53:00.0180 5104 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:53:00.0200 5104 idsvc - ok 17:53:00.0264 5104 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:53:00.0265 5104 iirsp - ok 17:53:00.0435 5104 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:53:00.0446 5104 IKEEXT - ok 17:53:00.0481 5104 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:53:00.0481 5104 intelide - ok 17:53:00.0541 5104 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:53:00.0542 5104 intelppm - ok 17:53:00.0577 5104 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:53:00.0579 5104 IPBusEnum - ok 17:53:00.0635 5104 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:53:00.0636 5104 IpFilterDriver - ok 17:53:00.0703 5104 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:53:00.0704 5104 IPMIDRV - ok 17:53:00.0789 5104 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:53:00.0792 5104 IPNAT - ok 17:53:01.0025 5104 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:53:01.0031 5104 iPod Service - ok 17:53:01.0100 5104 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:53:01.0101 5104 IRENUM - ok 17:53:01.0147 5104 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:53:01.0147 5104 isapnp - ok 17:53:01.0303 5104 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:53:01.0305 5104 iScsiPrt - ok 17:53:01.0360 5104 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 17:53:01.0363 5104 k57nd60a - ok 17:53:01.0419 5104 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:53:01.0420 5104 kbdclass - ok 17:53:01.0462 5104 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:53:01.0463 5104 kbdhid - ok 17:53:01.0477 5104 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:53:01.0478 5104 KeyIso - ok 17:53:01.0523 5104 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:53:01.0524 5104 KSecDD - ok 17:53:01.0576 5104 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:53:01.0577 5104 KSecPkg - ok 17:53:01.0631 5104 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:53:01.0632 5104 ksthunk - ok 17:53:01.0774 5104 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:53:01.0779 5104 KtmRm - ok 17:53:01.0879 5104 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:53:01.0883 5104 LanmanServer - ok 17:53:01.0962 5104 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:53:01.0966 5104 LanmanWorkstation - ok 17:53:02.0021 5104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:53:02.0022 5104 lltdio - ok 17:53:02.0083 5104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:53:02.0088 5104 lltdsvc - ok 17:53:02.0128 5104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:53:02.0130 5104 lmhosts - ok 17:53:02.0178 5104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:53:02.0179 5104 LSI_FC - ok 17:53:02.0229 5104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:53:02.0230 5104 LSI_SAS - ok 17:53:02.0252 5104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 17:53:02.0253 5104 LSI_SAS2 - ok 17:53:02.0281 5104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:53:02.0283 5104 LSI_SCSI - ok 17:53:02.0319 5104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:53:02.0320 5104 luafv - ok 17:53:02.0373 5104 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:53:02.0375 5104 Mcx2Svc - ok 17:53:02.0404 5104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 17:53:02.0405 5104 megasas - ok 17:53:02.0580 5104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 17:53:02.0601 5104 MegaSR - ok 17:53:02.0716 5104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:53:02.0718 5104 MMCSS - ok 17:53:02.0791 5104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:53:02.0793 5104 Modem - ok 17:53:02.0848 5104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:53:02.0849 5104 monitor - ok 17:53:02.0876 5104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:53:02.0877 5104 mouclass - ok 17:53:02.0904 5104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:53:02.0904 5104 mouhid - ok 17:53:02.0935 5104 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:53:02.0937 5104 mountmgr - ok 17:53:03.0092 5104 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:53:03.0093 5104 MozillaMaintenance - ok 17:53:03.0177 5104 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:53:03.0178 5104 mpio - ok 17:53:03.0208 5104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:53:03.0209 5104 mpsdrv - ok 17:53:03.0318 5104 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys 17:53:03.0320 5104 MQAC - ok 17:53:03.0402 5104 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:53:03.0404 5104 MRxDAV - ok 17:53:03.0482 5104 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:53:03.0484 5104 mrxsmb - ok 17:53:03.0553 5104 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:53:03.0557 5104 mrxsmb10 - ok 17:53:03.0578 5104 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:53:03.0580 5104 mrxsmb20 - ok 17:53:03.0628 5104 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 17:53:03.0629 5104 msahci - ok 17:53:03.0705 5104 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:53:03.0707 5104 msdsm - ok 17:53:03.0760 5104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:53:03.0763 5104 MSDTC - ok 17:53:03.0816 5104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:53:03.0817 5104 Msfs - ok 17:53:03.0846 5104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:53:03.0847 5104 mshidkmdf - ok 17:53:03.0859 5104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:53:03.0859 5104 msisadrv - ok 17:53:03.0943 5104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:53:03.0946 5104 MSiSCSI - ok 17:53:03.0952 5104 msiserver - ok 17:53:04.0022 5104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:53:04.0023 5104 MSKSSRV - ok 17:53:04.0125 5104 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe 17:53:04.0127 5104 MSMQ - ok 17:53:04.0175 5104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:53:04.0176 5104 MSPCLOCK - ok 17:53:04.0247 5104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:53:04.0248 5104 MSPQM - ok 17:53:04.0306 5104 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:53:04.0311 5104 MsRPC - ok 17:53:04.0356 5104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:53:04.0357 5104 mssmbios - ok 17:53:04.0454 5104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:53:04.0455 5104 MSTEE - ok 17:53:04.0480 5104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 17:53:04.0480 5104 MTConfig - ok 17:53:04.0498 5104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:53:04.0500 5104 Mup - ok 17:53:04.0560 5104 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:53:04.0566 5104 napagent - ok 17:53:04.0627 5104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:53:04.0630 5104 NativeWifiP - ok 17:53:04.0714 5104 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:53:04.0739 5104 NDIS - ok 17:53:04.0801 5104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:53:04.0802 5104 NdisCap - ok 17:53:04.0860 5104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:53:04.0860 5104 NdisTapi - ok 17:53:04.0948 5104 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:53:04.0949 5104 Ndisuio - ok 17:53:05.0032 5104 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:53:05.0033 5104 NdisWan - ok 17:53:05.0079 5104 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:53:05.0080 5104 NDProxy - ok 17:53:05.0179 5104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:53:05.0180 5104 NetBIOS - ok 17:53:05.0194 5104 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:53:05.0197 5104 NetBT - ok 17:53:05.0211 5104 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:53:05.0212 5104 Netlogon - ok 17:53:05.0264 5104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:53:05.0270 5104 Netman - ok 17:53:05.0294 5104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:53:05.0299 5104 netprofm - ok 17:53:05.0335 5104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:53:05.0347 5104 NetTcpPortSharing - ok 17:53:05.0728 5104 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 17:53:05.0853 5104 netw5v64 - ok 17:53:05.0909 5104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:53:05.0910 5104 nfrd960 - ok 17:53:06.0072 5104 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:53:06.0076 5104 NlaSvc - ok 17:53:06.0100 5104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:53:06.0101 5104 Npfs - ok 17:53:06.0157 5104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:53:06.0159 5104 nsi - ok 17:53:06.0236 5104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:53:06.0237 5104 nsiproxy - ok 17:53:06.0674 5104 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:53:06.0919 5104 Ntfs - ok 17:53:06.0978 5104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:53:06.0979 5104 Null - ok 17:53:07.0156 5104 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 17:53:07.0162 5104 NVHDA - ok 17:53:08.0407 5104 [ AA043614B7F65EAF7FA83068286D5981 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:53:08.0515 5104 nvlddmkm - ok 17:53:08.0596 5104 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:53:08.0599 5104 nvraid - ok 17:53:08.0666 5104 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:53:08.0668 5104 nvstor - ok 17:53:09.0184 5104 [ D0A5ADF4CD902C06ACD651D2FB2A85A9 ] nvsvc C:\Windows\system32\nvvsvc.exe 17:53:09.0203 5104 nvsvc - ok 17:53:09.0867 5104 [ 03FAC29EED869029D5B000805DE2DE57 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 17:53:09.0919 5104 nvUpdatusService - ok 17:53:09.0988 5104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:53:09.0990 5104 nv_agp - ok 17:53:10.0043 5104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:53:10.0044 5104 ohci1394 - ok 17:53:10.0172 5104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:53:10.0177 5104 p2pimsvc - ok 17:53:10.0373 5104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:53:10.0380 5104 p2psvc - ok 17:53:10.0444 5104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 17:53:10.0445 5104 Parport - ok 17:53:10.0503 5104 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:53:10.0504 5104 partmgr - ok 17:53:10.0577 5104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:53:10.0580 5104 PcaSvc - ok 17:53:10.0628 5104 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:53:10.0630 5104 pci - ok 17:53:10.0689 5104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:53:10.0690 5104 pciide - ok 17:53:10.0833 5104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:53:10.0835 5104 pcmcia - ok 17:53:10.0895 5104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:53:10.0896 5104 pcw - ok 17:53:10.0964 5104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:53:10.0971 5104 PEAUTH - ok 17:53:13.0590 5104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:53:13.0592 5104 PerfHost - ok 17:53:13.0978 5104 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:53:13.0994 5104 pla - ok 17:53:14.0172 5104 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:53:14.0178 5104 PlugPlay - ok 17:53:14.0206 5104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:53:14.0209 5104 PNRPAutoReg - ok 17:53:14.0305 5104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:53:14.0309 5104 PNRPsvc - ok 17:53:14.0460 5104 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:53:14.0465 5104 PolicyAgent - ok 17:53:14.0563 5104 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:53:14.0566 5104 Power - ok 17:53:14.0652 5104 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:53:14.0653 5104 PptpMiniport - ok 17:53:14.0719 5104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 17:53:14.0720 5104 Processor - ok 17:53:14.0822 5104 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:53:14.0825 5104 ProfSvc - ok 17:53:14.0854 5104 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:53:14.0856 5104 ProtectedStorage - ok 17:53:14.0988 5104 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:53:14.0990 5104 Psched - ok 17:53:15.0385 5104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:53:15.0401 5104 ql2300 - ok 17:53:15.0426 5104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:53:15.0427 5104 ql40xx - ok 17:53:15.0497 5104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:53:15.0502 5104 QWAVE - ok 17:53:15.0532 5104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:53:15.0533 5104 QWAVEdrv - ok 17:53:15.0592 5104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:53:15.0593 5104 RasAcd - ok 17:53:15.0703 5104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:53:15.0704 5104 RasAgileVpn - ok 17:53:15.0755 5104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:53:15.0758 5104 RasAuto - ok 17:53:15.0831 5104 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:53:15.0832 5104 Rasl2tp - ok 17:53:15.0974 5104 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:53:15.0980 5104 RasMan - ok 17:53:16.0028 5104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:53:16.0029 5104 RasPppoe - ok 17:53:16.0096 5104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:53:16.0097 5104 RasSstp - ok 17:53:16.0218 5104 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:53:16.0231 5104 rdbss - ok 17:53:16.0280 5104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 17:53:16.0281 5104 rdpbus - ok 17:53:16.0316 5104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:53:16.0317 5104 RDPCDD - ok 17:53:16.0402 5104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:53:16.0403 5104 RDPENCDD - ok 17:53:16.0431 5104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:53:16.0432 5104 RDPREFMP - ok 17:53:16.0521 5104 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:53:16.0524 5104 RDPWD - ok 17:53:16.0604 5104 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:53:16.0607 5104 rdyboost - ok 17:53:16.0736 5104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:53:16.0739 5104 RemoteAccess - ok 17:53:16.0839 5104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:53:16.0842 5104 RemoteRegistry - ok 17:53:16.0892 5104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:53:16.0894 5104 RpcEptMapper - ok 17:53:16.0953 5104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:53:16.0954 5104 RpcLocator - ok 17:53:17.0081 5104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:53:17.0087 5104 RpcSs - ok 17:53:17.0155 5104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:53:17.0156 5104 rspndr - ok 17:53:17.0176 5104 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:53:17.0178 5104 SamSs - ok 17:53:17.0224 5104 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:53:17.0226 5104 sbp2port - ok 17:53:17.0317 5104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:53:17.0320 5104 SCardSvr - ok 17:53:17.0464 5104 [ BB19E8CDFE4DADE1DDD5825289854E86 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 17:53:17.0466 5104 SCDEmu - ok 17:53:17.0512 5104 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:53:17.0513 5104 scfilter - ok 17:53:17.0828 5104 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:53:17.0840 5104 Schedule - ok 17:53:17.0885 5104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:53:17.0886 5104 SCPolicySvc - ok 17:53:17.0991 5104 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:53:17.0994 5104 SDRSVC - ok 17:53:18.0091 5104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:53:18.0091 5104 secdrv - ok 17:53:18.0147 5104 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:53:18.0150 5104 seclogon - ok 17:53:18.0211 5104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:53:18.0213 5104 SENS - ok 17:53:18.0274 5104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:53:18.0276 5104 SensrSvc - ok 17:53:18.0346 5104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 17:53:18.0347 5104 Serenum - ok 17:53:18.0442 5104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 17:53:18.0444 5104 Serial - ok 17:53:18.0512 5104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:53:18.0513 5104 sermouse - ok 17:53:18.0582 5104 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:53:18.0585 5104 SessionEnv - ok 17:53:18.0767 5104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:53:18.0768 5104 sffdisk - ok 17:53:18.0845 5104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:53:18.0845 5104 sffp_mmc - ok 17:53:18.0910 5104 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:53:18.0911 5104 sffp_sd - ok 17:53:18.0937 5104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:53:18.0937 5104 sfloppy - ok 17:53:18.0988 5104 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:53:18.0993 5104 ShellHWDetection - ok 17:53:19.0027 5104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:53:19.0028 5104 SiSRaid2 - ok 17:53:19.0105 5104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:53:19.0106 5104 SiSRaid4 - ok 17:53:19.0231 5104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:53:19.0232 5104 Smb - ok 17:53:19.0364 5104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:53:19.0366 5104 SNMPTRAP - ok 17:53:19.0430 5104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:53:19.0432 5104 spldr - ok 17:53:19.0536 5104 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:53:19.0542 5104 Spooler - ok 17:53:19.0739 5104 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:53:19.0824 5104 sppsvc - ok 17:53:19.0895 5104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:53:19.0898 5104 sppuinotify - ok 17:53:19.0945 5104 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:53:19.0951 5104 srv - ok 17:53:20.0009 5104 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:53:20.0013 5104 srv2 - ok 17:53:20.0072 5104 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:53:20.0074 5104 srvnet - ok 17:53:20.0178 5104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:53:20.0183 5104 SSDPSRV - ok 17:53:20.0249 5104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:53:20.0252 5104 SstpSvc - ok 17:53:20.0326 5104 Steam Client Service - ok 17:53:20.0365 5104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:53:20.0366 5104 stexstor - ok 17:53:20.0485 5104 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:53:20.0493 5104 stisvc - ok 17:53:20.0567 5104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:53:20.0568 5104 swenum - ok 17:53:20.0691 5104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:53:20.0699 5104 swprv - ok 17:53:20.0803 5104 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:53:20.0834 5104 SysMain - ok 17:53:20.0870 5104 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:53:20.0873 5104 TabletInputService - ok 17:53:20.0943 5104 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:53:20.0962 5104 TapiSrv - ok 17:53:20.0991 5104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:53:20.0995 5104 TBS - ok 17:53:21.0112 5104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:53:21.0179 5104 Tcpip - ok 17:53:21.0279 5104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:53:21.0292 5104 TCPIP6 - ok 17:53:21.0343 5104 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:53:21.0344 5104 tcpipreg - ok 17:53:21.0464 5104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:53:21.0465 5104 TDPIPE - ok 17:53:21.0526 5104 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:53:21.0527 5104 TDTCP - ok 17:53:21.0585 5104 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:53:21.0587 5104 tdx - ok 17:53:21.0651 5104 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:53:21.0652 5104 TermDD - ok 17:53:21.0756 5104 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:53:21.0764 5104 TermService - ok 17:53:21.0811 5104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:53:21.0814 5104 Themes - ok 17:53:21.0828 5104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:53:21.0830 5104 THREADORDER - ok 17:53:21.0875 5104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:53:21.0878 5104 TrkWks - ok 17:53:22.0015 5104 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:53:22.0017 5104 TrustedInstaller - ok 17:53:22.0053 5104 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:53:22.0054 5104 tssecsrv - ok 17:53:22.0161 5104 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:53:22.0162 5104 TsUsbFlt - ok 17:53:22.0193 5104 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 17:53:22.0194 5104 TsUsbGD - ok 17:53:22.0354 5104 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:53:22.0356 5104 tunnel - ok 17:53:22.0393 5104 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:53:22.0394 5104 uagp35 - ok 17:53:22.0489 5104 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:53:22.0493 5104 udfs - ok 17:53:22.0545 5104 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:53:22.0548 5104 UI0Detect - ok 17:53:22.0603 5104 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:53:22.0604 5104 uliagpkx - ok 17:53:22.0733 5104 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:53:22.0734 5104 umbus - ok 17:53:22.0759 5104 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 17:53:22.0760 5104 UmPass - ok 17:53:22.0809 5104 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:53:22.0814 5104 upnphost - ok 17:53:22.0867 5104 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 17:53:22.0867 5104 USBAAPL64 - ok 17:53:22.0988 5104 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:53:22.0989 5104 usbaudio - ok 17:53:23.0060 5104 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:53:23.0061 5104 usbccgp - ok 17:53:23.0139 5104 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:53:23.0140 5104 usbcir - ok 17:53:23.0171 5104 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:53:23.0172 5104 usbehci - ok 17:53:23.0314 5104 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:53:23.0318 5104 usbhub - ok 17:53:23.0368 5104 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:53:23.0368 5104 usbohci - ok 17:53:23.0424 5104 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:53:23.0425 5104 usbprint - ok 17:53:23.0485 5104 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:53:23.0486 5104 usbscan - ok 17:53:23.0549 5104 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:53:23.0550 5104 USBSTOR - ok 17:53:23.0607 5104 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:53:23.0608 5104 usbuhci - ok 17:53:23.0725 5104 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:53:23.0727 5104 usbvideo - ok 17:53:23.0768 5104 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:53:23.0771 5104 UxSms - ok 17:53:23.0788 5104 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:53:23.0790 5104 VaultSvc - ok 17:53:23.0837 5104 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:53:23.0838 5104 vdrvroot - ok 17:53:23.0890 5104 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:53:23.0898 5104 vds - ok 17:53:24.0047 5104 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:53:24.0048 5104 vga - ok 17:53:24.0117 5104 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:53:24.0118 5104 VgaSave - ok 17:53:24.0179 5104 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:53:24.0180 5104 vhdmp - ok 17:53:24.0270 5104 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:53:24.0272 5104 viaide - ok 17:53:24.0303 5104 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:53:24.0304 5104 volmgr - ok 17:53:24.0325 5104 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:53:24.0333 5104 volmgrx - ok 17:53:24.0351 5104 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:53:24.0355 5104 volsnap - ok 17:53:24.0391 5104 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:53:24.0393 5104 vsmraid - ok 17:53:24.0662 5104 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:53:24.0720 5104 VSS - ok 17:53:25.0089 5104 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:53:25.0090 5104 vwifibus - ok 17:53:25.0204 5104 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:53:25.0210 5104 W32Time - ok 17:53:25.0276 5104 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:53:25.0277 5104 WacomPen - ok 17:53:25.0375 5104 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:53:25.0376 5104 WANARP - ok 17:53:25.0380 5104 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:53:25.0382 5104 Wanarpv6 - ok 17:53:25.0445 5104 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:53:25.0462 5104 wbengine - ok 17:53:25.0529 5104 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:53:25.0533 5104 WbioSrvc - ok 17:53:25.0631 5104 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:53:25.0638 5104 wcncsvc - ok 17:53:25.0678 5104 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:53:25.0681 5104 WcsPlugInService - ok 17:53:25.0743 5104 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 17:53:25.0743 5104 Wd - ok 17:53:25.0818 5104 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:53:25.0825 5104 Wdf01000 - ok 17:53:25.0872 5104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:53:25.0875 5104 WdiServiceHost - ok 17:53:25.0881 5104 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:53:25.0884 5104 WdiSystemHost - ok 17:53:25.0905 5104 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:53:25.0909 5104 WebClient - ok 17:53:25.0965 5104 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:53:25.0970 5104 Wecsvc - ok 17:53:26.0022 5104 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:53:26.0025 5104 wercplsupport - ok 17:53:26.0084 5104 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:53:26.0087 5104 WerSvc - ok 17:53:26.0156 5104 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:53:26.0157 5104 WfpLwf - ok 17:53:26.0176 5104 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:53:26.0177 5104 WIMMount - ok 17:53:26.0185 5104 WinHttpAutoProxySvc - ok 17:53:26.0442 5104 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:53:26.0444 5104 Winmgmt - ok 17:53:26.0717 5104 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:53:26.0787 5104 WinRM - ok 17:53:27.0044 5104 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:53:27.0045 5104 WinUsb - ok 17:53:27.0458 5104 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:53:27.0524 5104 Wlansvc - ok 17:53:28.0464 5104 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:53:28.0526 5104 wlidsvc - ok 17:53:28.0748 5104 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 17:53:28.0749 5104 WmBEnum - ok 17:53:28.0933 5104 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 17:53:28.0934 5104 WmFilter - ok 17:53:29.0098 5104 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys 17:53:29.0098 5104 WmHidLo - ok 17:53:29.0208 5104 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:53:29.0208 5104 WmiAcpi - ok 17:53:29.0401 5104 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:53:29.0478 5104 wmiApSrv - ok 17:53:29.0674 5104 WMPNetworkSvc - ok 17:53:29.0757 5104 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 17:53:29.0758 5104 WmVirHid - ok 17:53:29.0835 5104 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 17:53:29.0837 5104 WmXlCore - ok 17:53:29.0904 5104 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:53:29.0907 5104 WPCSvc - ok 17:53:29.0946 5104 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:53:29.0950 5104 WPDBusEnum - ok 17:53:30.0032 5104 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:53:30.0033 5104 ws2ifsl - ok 17:53:30.0041 5104 WSearch - ok 17:53:30.0071 5104 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:53:30.0073 5104 WudfPf - ok 17:53:30.0228 5104 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:53:30.0230 5104 WUDFRd - ok 17:53:30.0355 5104 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:53:30.0358 5104 wudfsvc - ok 17:53:30.0541 5104 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:53:30.0545 5104 WwanSvc - ok 17:53:30.0552 5104 ================ Scan global =============================== 17:53:30.0627 5104 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:53:30.0773 5104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 17:53:30.0792 5104 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 17:53:31.0086 5104 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:53:31.0210 5104 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:53:31.0215 5104 [Global] - ok 17:53:31.0216 5104 ================ Scan MBR ================================== 17:53:31.0378 5104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:53:34.0630 5104 \Device\Harddisk0\DR0 - ok 17:53:34.0631 5104 ================ Scan VBR ================================== 17:53:34.0659 5104 [ 4133A627BC8C5C91B5A80AA5554E633C ] \Device\Harddisk0\DR0\Partition1 17:53:34.0662 5104 \Device\Harddisk0\DR0\Partition1 - ok 17:53:34.0698 5104 [ 9F1F1C6B779179BCF9E65FAA94603F37 ] \Device\Harddisk0\DR0\Partition2 17:53:34.0735 5104 \Device\Harddisk0\DR0\Partition2 - ok 17:53:34.0735 5104 ============================================================ 17:53:34.0735 5104 Scan finished 17:53:34.0735 5104 ============================================================ 17:53:34.0751 4228 Detected object count: 0 17:53:34.0751 4228 Actual detected object count: 0 Die anderen beiden Scans sind in arbeit. Werden gleich gepostet. Ich darf während der Scans doch im Internet sein, oder? Das Programm "OTL.exe" funktioniert bei mir nicht: Nach ca 30sek scannen (ich entferne mich während des Scans vom PC, klicke auch nix) kommt "Keine Rückmeldung". Also........ Hier das Ergebniss vom aswMBR.exe: aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-08 17:49:58 ----------------------------- 17:49:58.142 OS Version: Windows x64 6.1.7601 Service Pack 1 17:49:58.142 Number of processors: 2 586 0x170A 17:49:58.149 ComputerName: JONAS-PC UserName: Jonas 17:50:00.411 Initialize success 17:51:23.469 AVAST engine defs: 12100800 17:51:40.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 17:51:40.592 Disk 0 Vendor: WDC_WD6400BEVT-22A0RT0 01.01A01 Size: 610480MB BusType: 11 17:51:40.603 Disk 0 MBR read successfully 17:51:40.606 Disk 0 MBR scan 17:51:40.627 Disk 0 Windows 7 default MBR code 17:51:40.646 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048 17:51:40.675 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 24578048 17:51:40.694 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100 MB offset 31918080 17:51:40.708 Disk 0 Partition - 00 0F Extended LBA 594795 MB offset 32122880 17:51:40.755 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 261934 MB offset 32124928 17:51:40.769 Disk 0 Partition - 00 05 Extended 2050 MB offset 568567408 17:51:40.827 Disk 0 Partition 5 00 82 Linux swap 2050 MB offset 568567808 17:51:40.836 Disk 0 Partition - 00 05 Extended 20481 MB offset 1109210736 17:51:40.926 Disk 0 Partition 6 00 83 Linux 20480 MB offset 572768256 17:51:40.945 Disk 0 Partition - 00 05 Extended 310318 MB offset 1155354624 17:51:41.011 Disk 0 Partition 7 00 83 Linux 310317 MB offset 614713344 17:51:41.122 Disk 0 scanning C:\Windows\system32\drivers 17:52:12.285 Service scanning 17:53:05.459 Modules scanning 17:53:05.469 Disk 0 trace - called modules: 17:53:05.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 17:53:05.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c76060] 17:53:05.506 3 CLASSPNP.SYS[fffff8800186343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004741060] 17:53:19.651 AVAST engine scan C:\Windows 17:53:38.264 AVAST engine scan C:\Windows\system32 17:58:44.905 AVAST engine scan C:\Windows\system32\drivers 17:59:01.615 AVAST engine scan C:\Users\Jonas 18:08:39.464 AVAST engine scan C:\ProgramData 18:10:22.276 Scan finished successfully 18:28:20.421 Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat" 18:28:20.435 The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt" |
|
08.10.2012, 18:02
| #6 |
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Lass OTL mal weg - mach folgendes: Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.scr dds.pif
__________________ --> Computer öffnet unaufgefordert Seiten und komischer Virus gefunden |
|
08.10.2012, 18:25
| #7 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Wie ist es eigentlich zu handhaben, dass ich mich ja mit meinem Passwort hier anmelden muss und der Verbreiter meines Trojaners/Virus, was auch immer, das Passwort dieser Seite ja hier weiß? Außerdem: Hier das DDS.txt : .DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jonas at 19:20:33 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2480 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mqsvc.exe
C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://search.chatzum.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: loadtbs: {dfefcdee-cf1a-4fc8-88ad-129872198372} - C:\Users\Jonas\AppData\Roaming\loadtbs\toolbar.dll
TB: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Jonas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Jonas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\tbhcn.lnk - C:\Users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30D53C6F-7AE8-4C70-AD89-77F453161D87} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
{00cbb66b-1d3b-46d3-9577-323a336acb50}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{963B125B-8B21-49A2-A3A8-E37092276531}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
TB-X64: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
{99079a25-328f-4bd4-be04-00955acaa0a7}
{D4027C7F-154A-4066-A1AD-4243D8127440}
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Standard)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
AppInit_DLLs-X64: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
user_pref(browser.newtab.url, search.chatzum.com);FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5afdc74600000000000000262d631707&q=
FF - user.js: extensions.BabylonToolbar.id - 5afdc74600000000000000262d631707
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15616
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:17:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-7 84256]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-7 108320]
R2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-10-7 554784]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-3 2201112]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-8-27 2253120]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-28 114144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-07 20:05:09 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Avira
2012-10-07 19:59:23 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-10-07 19:59:05 99248 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-10-07 19:59:05 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-10-07 19:59:04 -------- d-----w- C:\ProgramData\Avira
2012-10-07 19:59:04 -------- d-----w- C:\Program Files (x86)\Avira
2012-10-06 19:42:28 -------- d-----w- C:\Users\Jonas\AppData\Local\Logitech
2012-10-06 19:27:49 -------- d-----w- C:\Program Files\Common Files\Logitech
2012-10-06 18:09:14 -------- d-----w- C:\Users\Jonas\AppData\Local\Bus Simulator 2012
2012-10-06 17:58:21 -------- d-----w- C:\Program Files (x86)\astragon
2012-10-06 14:01:02 -------- d-----w- C:\ProgramData\boost_interprocess
2012-10-06 14:00:53 -------- d-----w- C:\Users\Jonas\AppData\Roaming\FreeVideoConverter
2012-10-06 14:00:51 -------- d-----w- C:\Program Files (x86)\Free Video Converter
2012-10-06 11:57:48 -------- d-----w- C:\NDSCreator
2012-10-05 12:25:52 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Unity
2012-10-05 12:23:33 -------- d-----w- C:\Users\Jonas\AppData\Roaming\PACE Anti-Piracy
2012-10-05 12:23:33 -------- d-----w- C:\Users\Jonas\AppData\Local\PACE Anti-Piracy
2012-10-05 12:23:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-10-05 12:23:32 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2012-10-05 12:21:14 -------- d-----w- C:\Users\Jonas\AppData\Local\Unity
2012-10-05 12:15:32 -------- d-----w- C:\Program Files (x86)\Unity
2012-10-04 17:54:09 -------- d-----w- C:\Users\Jonas\AppData\Local\GameMaker8.1
2012-10-04 17:53:57 -------- d-----w- C:\Users\Jonas\AppData\Local\YoYo_Games_Ltd
2012-10-04 17:40:18 -------- d-----w- C:\Program Files (x86)\ChatZum Toolbar
2012-10-04 17:39:53 -------- d-----w- C:\Users\Jonas\GameMaker 8.1
2012-10-04 17:39:53 -------- d-----w- C:\Users\Jonas\AppData\Roaming\GameMaker
2012-10-04 15:56:07 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-04 15:44:28 -------- d-----w- C:\devkitPro
2012-10-04 15:13:45 560128 ----a-w- C:\Windows\SysWow64\ScintillaNet.dll
2012-10-04 15:13:45 560128 ----a-w- C:\Windows\ScintillaNet.dll
2012-10-04 15:13:45 408576 ----a-w- C:\Windows\SysWow64\SciLexer.dll
2012-10-04 15:13:45 408576 ----a-w- C:\Windows\SciLexer.dll
2012-10-04 15:13:26 -------- d-----w- C:\Program Files (x86)\DS Game Maker
2012-10-04 15:11:14 -------- d-----w- C:\Users\Jonas\AppData\Local\Babylon
2012-10-04 12:23:04 -------- d-----w- C:\Users\Jonas\AppData\Local\European Bus Simulator 2012
2012-10-03 18:40:25 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Sinvise Systems
2012-10-03 18:40:25 -------- d-----w- C:\Program Files (x86)\Sinvise Systems
2012-10-03 14:19:46 -------- d-----w- C:\Users\Jonas\AppData\Local\DownTango
2012-10-03 14:19:36 -------- d-----w- C:\Program Files (x86)\Red Sky
2012-10-03 14:17:15 -------- d-----w- C:\ProgramData\Browser Manager
2012-10-03 14:15:44 -------- d-----w- C:\ProgramData\Tarma Installer
2012-10-03 13:13:11 -------- d-----w- C:\Program Files (x86)\N3V Games
2012-10-03 13:13:59 -------- d-----w- C:\Program Files (x86)\N3V Games
2012-10-02 18:01:03 -------- d-----w- C:\Users\Jonas\AppData\Local\{08B1FC16-6D7A-4844-89E5-ECE7A180CE56}
2012-10-02 16:36:02 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2FFD5F8-B247-4BC3-A2AB-24C0D5D7332E}\mpengine.dll
2012-10-01 16:50:44 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Fighters
2012-10-01 16:50:06 -------- d-----w- C:\ProgramData\Fighters
2012-10-01 16:50:06 -------- d-----w- C:\ProgramData\Fighters
2012-10-01 16:50:06 -------- d-----w- C:\ProgramData\Fighters
2012-10-01 16:50:06 -------- d-----w- C:\ProgramData\Fighters
2012-10-01 15:06:09 -------- d-----w- C:\Users\Jonas\AppData\Local\{1198A11C-6516-48AF-A8F6-46ED37D18BC9}
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 14:22:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 07:53:48 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Satmap
2012-09-30 07:52:50 -------- d-----w- C:\Users\Jonas\AppData\Local\Satmap_Systems_Ltd
2012-09-29 12:19:42 -------- d-----w- C:\Users\Jonas\AppData\Roaming\SF Software
2012-09-29 12:19:42 -------- d-----w- C:\Users\Jonas\AppData\Local\SF
2012-09-29 12:10:30 -------- d-----w- C:\ProgramData\SF
2012-09-29 11:57:42 -------- d-----w- C:\Program Files (x86)\Sigel
2012-09-26 13:55:53 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-26 13:54:01 -------- d-----w- C:\Program Files\iPod
2012-09-26 13:53:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 13:53:58 -------- d-----w- C:\Program Files\iTunes
2012-09-26 13:53:58 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-26 13:38:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-20 16:32:46 -------- d-----w- C:\Users\Jonas\AppData\Roaming\PDAppFlex
2012-09-18 19:00:34 15112 ----a-w- C:\Users\Jonas\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-09-18 18:58:06 -------- d-----w- C:\ProgramData\Synetic
2012-09-18 18:58:01 -------- d-----w- C:\Users\Jonas\AppData\Roaming\ProtectDISC
2012-09-18 18:56:34 -------- d--h--w- C:\Windows\msdownld.tmp
2012-09-18 18:56:28 -------- d-----w- C:\Windows\SysWow64\directx
2012-09-17 11:48:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 20:26:27 -------- d-----w- C:\Users\Jonas\AppData\Local\fontconfig
2012-09-15 20:26:25 -------- d-----w- C:\Users\Jonas\AppData\Local\gegl-0.2
2012-09-15 20:26:25 -------- d-----w- C:\Users\Jonas\.gimp-2.8
2012-09-15 20:25:14 -------- d-----w- C:\Program Files\GIMP 2
2012-09-15 09:26:00 -------- d-----w- C:\Users\Jonas\AppData\Local\{648658F6-667E-419B-BEDA-8F16A2F92A31}
2012-09-14 15:07:13 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-09-14 11:38:14 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Steganos
2012-09-12 15:59:09 -------- d-----w- C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09 -------- d-----w- C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09 -------- d-----w- C:\Program Files (x86)\FIFA 12
2012-09-12 15:59:09 -------- d-----w- C:\Program Files (x86)\FIFA 12
2012-09-12 15:17:54 -------- d-----w- C:\Users\Jonas\AppData\Local\CrashRpt
2012-09-12 14:01:50 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:01:50 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:01:49 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 14:01:49 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:01:48 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 14:01:48 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:01:48 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 16:30:33 -------- d-----w- C:\Users\Jonas\AppData\Roaming\convert
2012-09-11 16:30:29 -------- d-----w- C:\Users\Jonas\AppData\Roaming\loadtbs
2012-09-11 14:06:53 -------- d-----w- C:\Program Files (x86)\pazera-software
2012-09-10 18:48:13 -------- d-----w- C:\Users\Jonas\AppData\Local\Downloaded Installations
2012-09-10 18:07:35 -------- d-----w- C:\Users\Jonas\AppData\Local\{7468D293-9D03-4BEC-8C37-56DE9E712827}
2012-09-09 17:32:45 980376 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\main.dll
2012-09-09 17:32:45 1470872 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsui.dll
2012-09-09 17:32:45 1364376 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\api.dll
2012-09-09 17:29:08 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-09-09 17:29:05 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2012-09-09 17:00:57 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-09-09 17:00:57 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-09-09 17:00:57 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-09-09 16:51:25 -------- d--h--w- C:\ProgramData\Common Files
2012-09-09 16:51:22 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sy
2012-09-09 14:06:53 -------- d-----w- C:\Users\Jonas\AppData\Local\APN
.
==================== Find3M ====================
.
2012-09-17 11:48:20 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-17 11:48:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 13:22:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:22:17 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 23:15:30 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-24 13:58:36 405152 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 11:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 11:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 14:18:28 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:22:05,53 ===============
--- --- --- Nun das Attach.txt : . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 13/06/2012 17:50:01 System Uptime: 08/10/2012 18:01:26 (1 hours ago) . Motherboard: Acer | | JM70 Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 1188/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 250 GiB total, 43,012 GiB free. D: is FIXED (NTFS) - 0 GiB total, 0,069 GiB free. E: is CDROM (CDFS) F: is CDROM () G: is Removable H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: FingerPrinter Reader Device ID: USB\VID_1C7A&PID_0801\00000000000006 Manufacturer: Name: FingerPrinter Reader PNP Device ID: USB\VID_1C7A&PID_0801\00000000000006 Service: . Class GUID: Description: Device ID: ACPI\WEC1040\4&891F657&0 Manufacturer: Name: PNP Device ID: ACPI\WEC1040\4&891F657&0 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) - Deutsch Apple Application Support Apple Software Update Ask Toolbar Audacity 2.0 Audible Download Manager Avira Free Antivirus Avira SearchFree Toolbar plus Web Protection Updater Browser Manager BrowserCompanion Bus-Simulator 2012 Camtasia Studio 7 CardRecovery 6.00 Cinema 4D version R12 devkitProUpdater 1.5.3 Die Sims™ 3 DVDStyler v2.2 E3MC - Windows Shutdown Timer v5.7 Full FIFA 12 (c) EA version 1 Free Audio Converter version 5.0.14.627 Free DVD Video Burner version 3.2.2.706 Free Video Converter V 3.1 Free Video to MP3 Converter version 5.0.17.825 Free YouTube Download version 3.1.37.918 Free YouTube to MP3 Converter version 3.11.29.825 GameMaker 8.1 Google Chrome Google Earth Plug-in Google Update Helper Heyer's Video-Cover 4 Java 7 Update 7 Java Auto Updater JavaFX 2.1.1 loadtbs-3.0 Microsoft Flight Simulator X Microsoft Flight Simulator X Service Pack 1 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 15.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 15.0 (x86 de) MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser und SDK MTA:SA v1.3 NVIDIA PhysX OpenOffice.org 3.4.1 Pazera Free MP4 to AVI Converter 1.6 QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Shutdown Timer Steam Unity Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Vegas Pro 11.0 Visitenkarten in 2 Minuten Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File =========================== DANKE DAS DU MIR HILFST!!!!!!!!!! Geändert von F4c3d0wn (08.10.2012 um 18:57 Uhr) |
|
08.10.2012, 19:59
| #8 | ||
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Ich helfe gerne!  Wegen dem Kennwort brauchst du dir keine Sorgen zu machen... Schritt 1: Software deinstallieren
Schritt 2: Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
08.10.2012, 20:51
| #9 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Also: Wegen Schritt 1: Der Updater von Avira habe ich deinstalliert. Aber die Ask Toolbar ist mir vor einigen Tagen schonmal aufgefallen, aber nun finde ich sie WIRKLICH nicht in dem Fenster (Programme deinstallieren), ich habe mehreremale alles durchsucht. |
|
09.10.2012, 06:21
| #10 |
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Wenn du sie nicht findest, mach weiter mit Schritt 2!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
09.10.2012, 08:31
| #11 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Habe Combofix.exe durchlaufen lassen, als erfertig war hat er sich selber neugestartet, eine Fehlermeldung oder etc. habe ich nicht bekommen. Hier der Code: [Code] Combofix Logfile: Code:
ATTFilter ComboFix 12-10-08.03 - Jonas 08/10/2012 21:58:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2381 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-08 bis 2012-10-08 ))))))))))))))))))))))))))))))
.
.
2012-10-08 20:39 . 2012-10-08 20:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 20:39 . 2012-10-08 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 20:05 . 2012-10-07 20:05 -------- d-----w- c:\users\Jonas\AppData\Roaming\Avira
2012-10-07 19:59 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-07 19:59 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-07 19:59 . 2012-09-13 13:52 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\programdata\Avira
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\program files (x86)\Avira
2012-10-06 19:42 . 2012-10-06 19:42 -------- d-----w- c:\users\Jonas\AppData\Local\Logitech
2012-10-06 19:27 . 2012-10-06 19:27 -------- d-----w- c:\program files\Common Files\Logitech
2012-10-06 19:27 . 2012-10-06 19:27 -------- d-----w- c:\program files\Logitech
2012-10-06 18:09 . 2012-10-06 18:09 -------- d-----w- c:\users\Jonas\AppData\Local\Bus Simulator 2012
2012-10-06 17:58 . 2012-10-06 17:58 -------- d-----w- c:\program files (x86)\astragon
2012-10-06 14:01 . 2012-10-07 06:18 -------- d-----w- c:\programdata\boost_interprocess
2012-10-06 14:00 . 2012-10-06 14:01 -------- d-----w- c:\users\Jonas\AppData\Roaming\FreeVideoConverter
2012-10-06 14:00 . 2012-10-06 14:00 -------- d-----w- c:\program files (x86)\Free Video Converter
2012-10-06 11:57 . 2012-10-06 12:01 -------- d-----w- C:\NDSCreator
2012-10-05 12:25 . 2012-10-05 12:31 -------- d-----w- c:\users\Jonas\AppData\Roaming\Unity
2012-10-05 12:23 . 2012-10-05 12:25 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:25 -------- d-----w- c:\users\Jonas\AppData\Roaming\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23 -------- d-----w- c:\users\Jonas\AppData\Local\PACE Anti-Piracy
2012-10-05 12:23 . 2012-10-05 12:23 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy
2012-10-05 12:21 . 2012-10-05 12:25 -------- d-----w- c:\users\Jonas\AppData\Local\Unity
2012-10-05 12:15 . 2012-10-05 12:21 -------- d-----w- c:\program files (x86)\Unity
2012-10-04 17:54 . 2012-10-04 17:54 -------- d-----w- c:\users\Jonas\AppData\Local\GameMaker8.1
2012-10-04 17:53 . 2012-10-04 17:53 -------- d-----w- c:\users\Jonas\AppData\Local\YoYo_Games_Ltd
2012-10-04 17:40 . 2012-10-06 06:41 -------- d-----w- c:\program files (x86)\ChatZum Toolbar
2012-10-04 17:39 . 2012-10-04 18:10 -------- d-----w- c:\users\Jonas\AppData\Roaming\GameMaker
2012-10-04 17:39 . 2012-10-04 17:39 -------- d-----w- c:\users\Jonas\GameMaker 8.1
2012-10-04 15:56 . 2012-10-04 15:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-04 15:44 . 2012-10-05 12:04 -------- d-----w- C:\devkitPro
2012-10-04 15:13 . 2010-08-24 18:39 560128 ----a-w- c:\windows\SysWow64\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39 560128 ----a-w- c:\windows\ScintillaNet.dll
2012-10-04 15:13 . 2010-08-24 18:39 408576 ----a-w- c:\windows\SysWow64\SciLexer.dll
2012-10-04 15:13 . 2010-08-24 18:39 408576 ----a-w- c:\windows\SciLexer.dll
2012-10-04 15:13 . 2012-10-05 11:56 -------- d-----w- c:\program files (x86)\DS Game Maker
2012-10-04 15:11 . 2012-10-04 15:11 -------- d-----w- c:\users\Jonas\AppData\Local\Babylon
2012-10-04 12:23 . 2012-10-04 12:23 -------- d-----w- c:\users\Jonas\AppData\Local\European Bus Simulator 2012
2012-10-03 18:40 . 2012-10-03 18:40 -------- d-----w- c:\users\Jonas\AppData\Roaming\Sinvise Systems
2012-10-03 18:40 . 2012-10-03 18:40 -------- d-----w- c:\program files (x86)\Sinvise Systems
2012-10-03 14:19 . 2012-10-03 14:19 -------- d-----w- c:\users\Jonas\AppData\Local\DownTango
2012-10-03 14:19 . 2012-10-03 14:19 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-03 14:17 . 2012-10-03 14:17 -------- d-----w- c:\programdata\Browser Manager
2012-10-03 14:15 . 2012-10-03 14:18 -------- d-----w- c:\programdata\Tarma Installer
2012-10-03 13:13 . 2012-10-03 13:13 -------- d-----w- c:\program files (x86)\N3V Games
2012-10-01 16:50 . 2012-10-01 16:50 -------- d-----w- c:\users\Jonas\AppData\Roaming\Fighters
2012-10-01 16:50 . 2012-10-01 16:50 -------- d-----w- c:\programdata\Fighters
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-01 14:22 . 2012-10-01 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-30 07:53 . 2012-09-30 07:53 -------- d-----w- c:\users\Jonas\AppData\Roaming\Satmap
2012-09-30 07:52 . 2012-09-30 07:52 -------- d-----w- c:\users\Jonas\AppData\Local\Satmap_Systems_Ltd
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\Jonas\AppData\Roaming\SF Software
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\Jonas\AppData\Local\SF
2012-09-29 12:10 . 2012-09-29 12:20 -------- d-----w- c:\programdata\SF
2012-09-29 11:57 . 2012-09-29 11:57 -------- d-----w- c:\program files (x86)\Sigel
2012-09-26 13:55 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-26 13:54 . 2012-09-26 13:54 -------- d-----w- c:\program files\iPod
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\program files\iTunes
2012-09-26 13:53 . 2012-09-26 13:55 -------- d-----w- c:\program files (x86)\iTunes
2012-09-26 13:38 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-20 16:32 . 2012-09-20 16:32 -------- d-----w- c:\users\Jonas\AppData\Roaming\PDAppFlex
2012-09-20 14:05 . 2012-09-20 14:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-18 18:58 . 2012-09-18 18:58 -------- d-----w- c:\programdata\Synetic
2012-09-18 18:58 . 2012-09-18 18:58 -------- d-----w- c:\users\Jonas\AppData\Roaming\ProtectDISC
2012-09-18 18:56 . 2012-09-18 18:56 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-17 11:48 . 2012-09-17 11:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-17 11:48 . 2012-09-17 11:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 11:48 . 2012-09-17 11:48 -------- d-----w- c:\program files (x86)\Java
2012-09-15 20:26 . 2012-09-15 20:26 -------- d-----w- c:\users\Jonas\AppData\Local\fontconfig
2012-09-15 20:26 . 2012-09-22 12:55 -------- d-----w- c:\users\Jonas\.gimp-2.8
2012-09-15 20:26 . 2012-09-15 20:26 -------- d-----w- c:\users\Jonas\AppData\Local\gegl-0.2
2012-09-15 20:25 . 2012-09-15 20:26 -------- d-----w- c:\program files\GIMP 2
2012-09-14 15:07 . 2012-09-14 15:07 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-14 11:38 . 2012-09-14 11:39 -------- d-----w- c:\users\Jonas\AppData\Roaming\Steganos
2012-09-12 15:59 . 2012-09-12 16:06 -------- d-----w- c:\program files (x86)\FIFA 12
2012-09-12 15:56 . 2012-09-12 15:56 -------- d-----w- c:\users\Jonas\AppData\Roaming\PowerISO
2012-09-12 15:17 . 2012-09-12 15:17 -------- d-----w- c:\users\Jonas\AppData\Local\CrashRpt
2012-09-12 14:01 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:01 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:01 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:01 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:01 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:01 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 16:30 . 2012-09-11 16:30 -------- d-----w- c:\users\Jonas\AppData\Roaming\convert
2012-09-11 16:30 . 2012-09-11 16:30 -------- d-----w- c:\users\Jonas\AppData\Roaming\loadtbs
2012-09-11 14:06 . 2012-09-11 14:06 -------- d-----w- c:\program files (x86)\pazera-software
2012-09-10 18:48 . 2012-09-10 18:48 -------- d-----w- c:\programdata\Pinnacle
2012-09-10 18:48 . 2012-09-10 18:48 -------- d-----w- c:\users\Jonas\AppData\Local\Downloaded Installations
2012-09-09 17:29 . 2012-09-09 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-09-09 17:29 . 2012-09-09 17:29 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2012-09-09 17:00 . 2012-09-09 17:00 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-09-09 16:58 . 2012-09-09 16:58 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-09-09 16:51 . 2012-09-09 16:51 -------- d--h--w- c:\programdata\Common Files
2012-09-09 16:51 . 2012-08-17 04:41 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-09-09 16:51 . 2012-09-09 16:52 -------- d-----w- c:\program files (x86)\PowerISO
2012-09-09 14:06 . 2012-09-09 14:06 -------- d-----w- c:\users\Jonas\AppData\Local\APN
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:42 . 2012-09-02 14:26 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 11:48 . 2012-06-23 18:50 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 11:48 . 2012-06-23 18:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 19:03 . 2012-06-23 20:03 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 13:22 . 2012-07-09 16:19 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:22 . 2012-07-09 16:19 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 07:27 . 2012-10-02 16:36 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2FFD5F8-B247-4BC3-A2AB-24C0D5D7332E}\mpengine.dll
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-24 13:58 . 2012-06-13 18:27 405152 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-21 11:01 . 2012-06-13 18:22 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-06-13 18:22 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 14:18 . 2012-08-18 14:18 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-07-27 09:48 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-16 13:27 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Jonas\AppData\Roaming\loadtbs\toolbar.dll" [2012-08-03 616448]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-07 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
tbhcn.lnk - c:\users\Jonas\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-14 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-02 2201112]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 13:22]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 18:00]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000Core.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000UA.job
- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 10:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
user_pref(browser.newtab.url, search.chatzum.com);FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5afdc74600000000000000262d631707&q=
FF - user.js: extensions.BabylonToolbar.id - 5afdc74600000000000000262d631707
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15616
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.716:17
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Toolbar-10 - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"=hex:51,66,7a,6c,4c,1d,38,12,80,ce,fc,
db,28,81,a6,0a,f7,bb,51,d8,77,47,c7,66
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{00CBB66B-1D3B-46D3-9577-323A336ACB50}"=hex:51,66,7a,6c,4c,1d,38,12,05,b5,d8,
04,09,53,bd,03,ea,61,71,7a,36,34,8f,44
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{963B125B-8B21-49A2-A3A8-E37092276531}"=hex:51,66,7a,6c,4c,1d,38,12,35,11,28,
92,13,c5,cc,0c,dc,be,a0,30,97,79,21,25
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,10,d4,ff,7d,9d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,32,d9,11,c5,e8,c4,40,8b,b0,24,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-08 22:50:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-08 20:50
.
Vor Suchlauf: 31 Verzeichnis(se), 47.028.129.792 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 46.743.916.544 Bytes frei
.
- - End Of File - - 62F9418D558859934DB76CA2170B7B34
Ist der Trojaner/Virus damit weg, das Problem nun behoben, oder was haben die bisherigen Schritte gebracht? Achja, und was ich anfangs vergessen hatte: Ich habe Windows 7 mit einem 64-Bit-Betriebsystem! Nochmals RIESEN DANKESCHÖN, dass Du mir hilfst!!! Geändert von F4c3d0wn (09.10.2012 um 08:39 Uhr) |
|
09.10.2012, 08:54
| #12 |
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden sind noch Reste da... Scan mit adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
09.10.2012, 08:59
| #13 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden So das Ergebniss: Code:
ATTFilter # AdwCleaner v2.004 - Datei am 09/10/2012 um 09:57:46 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jonas - JONAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\browsemngr.xml
Datei Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Jonas\AppData\Local\APN
Ordner Gefunden : C:\Users\Jonas\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Jonas\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Jonas\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\Jonas\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\BrowserCompanion
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\staged
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://isearch.babylon.com/?affID=112555&tt=031012_ccp_4012_6&babsrc=HP_ss&mntrId=5afdc74600000000000000262d631707
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\prefs.js
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("browser.newtab.url", "search.chatzum.com");user_pref("browser.search.selectedEngine", "As[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
-\\ Google Chrome v22.0.1229.92
Datei : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.8] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gefunden [l.13] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
Gefunden [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gefunden [l.47] : keyword = "ask.com",
Gefunden [l.50] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&q={searchTerms}",
Gefunden [l.51] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Gefunden [l.1386] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gefunden [l.1795] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
*************************
AdwCleaner[R1].txt - [13218 octets] - [09/10/2012 09:57:46]
########## EOF - C:\AdwCleaner[R1].txt - [13279 octets] ##########
Geändert von F4c3d0wn (09.10.2012 um 09:11 Uhr) |
|
09.10.2012, 09:20
| #14 |
| /// Malwareteam | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Schritt 1: Fix mit adwCleaner
Schritt 2: Neues OTL-Log [*]Doppelklick auf die OTL.exe Vista und Win7 User mit Rechtsklick "als Administrator starten"[*]Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output[*]Unter Extra Registry, wähle bitte Use SafeList[*]Klicke nun auf Run Scan links oben[*]Wenn der Scan beendet wurde werden 2 Logfiles erstellt[*]Poste die Logfiles hier in den Thread.[/list] Keine Sorge! Es gibt zwar Viren, die das BIOS angreifen, jedoch sind diese extrem selten.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
09.10.2012, 09:32
| #15 |
| | Computer öffnet unaufgefordert Seiten und komischer Virus gefunden Anscheinend hat der AWDCleaner versucht, meine Startseite in GoogleChrome zu endern (endlich, hatt ich auch schon lange vor), er ist aber irgendwie dabei gescheitert, habe nämlich eine Meldung bekommen und die Starteseite nun eigenhändig in "hxxp://www.google.de/" verändert. Nun der Code vom ADWCleaner: Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 09/10/2012 um 10:23:51 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jonas - JONAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\browsemngr.xml
Datei Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\APN
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Jonas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Jonas\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Jonas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\extensions\staged
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browsemngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKU\S-1-5-21-684478495-2098680302-1758085873-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\prefs.js
C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\fvr87tqd.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]
Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");user_pref("browser.search.selectedEngine", "As[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
-\\ Google Chrome v22.0.1229.92
Datei : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gelöscht [l.13] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
Gelöscht [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.47] : keyword = "ask.com",
Gelöscht [l.50] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_ptnrs=%5EAGS&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609&apn_dtid=%5EYYYYYY%5EVL%5EDE&q={searchTerms}",
Gelöscht [l.51] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
Gelöscht [l.1386] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
Gelöscht [l.1824] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414", "hxxps://www.google.de/" ]
*************************
AdwCleaner[R1].txt - [13327 octets] - [09/10/2012 09:57:46]
AdwCleaner[S1].txt - [12880 octets] - [09/10/2012 10:23:51]
########## EOF - C:\AdwCleaner[S1].txt - [12941 octets] ##########
So: Der 1. OTL.txt Bericht: OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 09/10/2012 10:33:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,60% Memory free 7,99 Gb Paging File | 6,07 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 249,80 Gb Total Space | 43,35 Gb Free Space | 17,36% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 70,17 Mb Free Space | 70,17% Space Free | Partition Type: NTFS Drive E: | 106,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\sqlite3.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\ch20UPD.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\libglesv2.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\libegl.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avutil-51.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avformat-54.dll () MOD - C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 C7 6B 3C 81 49 CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0F1D570E-5D58-4E0A-A6A7-7D86BB0D99F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VL^DE&apn_uid=2c691f30-d602-4086-92dd-b3451bcdcdb2&apn_sauid=D552E4E5-ADBD-4CC0-98DF-C6C07FCC1609 IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/01 16:22:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/01 16:22:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/10/06 17:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/09/06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/09/06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/09/06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/09/06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll CHR - plugin: Free Studio (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jonas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ O1 HOSTS File: ([2012/10/08 22:42:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D53C6F-7AE8-4C70-AD89-77F453161D87}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFCF837-D0B4-4D4E-908C-8AE06C0051FB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/03/17 23:27:26 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/09 10:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin [2012/10/09 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin [2012/10/09 10:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin [2012/10/08 22:42:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/10/08 22:42:53 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN [2012/10/08 22:39:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/10/08 21:55:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/08 21:55:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/08 21:55:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/08 21:54:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/08 21:54:31 | 000,000,000 | ---D | C] -- \Qoobox [2012/10/08 21:54:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/10/08 19:20:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jonas\Desktop\dds.com [2012/10/08 17:52:06 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe [2012/10/08 17:49:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe [2012/10/08 17:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012/10/07 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/10/07 21:59:05 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/10/07 21:59:05 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/10/07 21:59:05 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/10/07 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/10/07 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/10/06 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Logitech [2012/10/06 21:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012/10/06 21:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech [2012/10/06 21:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012/10/06 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Bus Simulator 2012 [2012/10/06 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Bus Simulator 2012 [2012/10/06 20:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012 [2012/10/06 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\DeutschProjekt =.= [2012/10/06 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon [2012/10/06 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter [2012/10/06 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter [2012/10/06 13:57:48 | 000,000,000 | ---D | C] -- C:\NDSCreator [2012/10/06 13:57:48 | 000,000,000 | ---D | C] -- \NDSCreator [2012/10/05 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\PACE Anti-Piracy [2012/10/05 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2012/10/05 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy [2012/10/05 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Unity [2012/10/05 14:19:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects [2012/10/05 14:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity [2012/10/05 14:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity [2012/10/04 19:54:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\GameMaker8.1 [2012/10/04 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\YoYo_Games_Ltd [2012/10/04 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\GameMaker 8.1 [2012/10/04 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker 8.1 [2012/10/04 17:56:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/10/04 17:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro [2012/10/04 17:44:28 | 000,000,000 | ---D | C] -- C:\devkitPro [2012/10/04 17:44:28 | 000,000,000 | ---D | C] -- \devkitPro [2012/10/04 17:13:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\Windows\SysWow64\ScintillaNet.dll [2012/10/04 17:13:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\Windows\ScintillaNet.dll [2012/10/04 17:13:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\SysWow64\SciLexer.dll [2012/10/04 17:13:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\SciLexer.dll [2012/10/04 17:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DS Game Maker [2012/10/04 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\European Bus Simulator 2012 [2012/10/04 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\European Bus Simulator 2012 [2012/10/03 20:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sinvise Systems [2012/10/03 20:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sinvise Systems [2012/10/03 16:19:46 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\DownTango [2012/10/03 16:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky [2012/10/03 16:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/10/03 16:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012/10/03 15:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\N3V Games [2012/10/02 20:26:10 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\SprecheSpeech [2012/10/02 20:01:03 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{08B1FC16-6D7A-4844-89E5-ECE7A180CE56} [2012/10/01 18:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2012/10/01 18:22:59 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Fernsehturm Bilder [2012/10/01 17:06:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{1198A11C-6516-48AF-A8F6-46ED37D18BC9} [2012/10/01 16:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/10/01 15:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12 [2012/09/30 09:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Satmap_Systems_Ltd [2012/09/29 14:19:42 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\SF [2012/09/29 14:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SF [2012/09/29 14:08:01 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\CAM Development [2012/09/29 13:57:45 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel [2012/09/29 13:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel [2012/09/29 13:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigel [2012/09/28 14:06:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Mozilla [2012/09/28 14:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/09/28 14:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/09/26 15:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012/09/26 15:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/26 15:55:53 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/09/26 15:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/09/26 15:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/26 15:38:08 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/23 17:13:43 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Picture [2012/09/23 17:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Spiele [2012/09/23 17:10:41 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Programme [2012/09/22 22:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/22 22:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/22 22:54:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/22 22:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/22 22:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/22 22:54:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/22 22:54:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/22 22:54:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/22 22:54:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/22 22:54:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/22 22:54:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/22 22:54:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/22 22:54:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/22 22:54:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/22 22:54:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/21 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Neuer Ordner [2012/09/18 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012/09/18 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2012/09/18 20:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012/09/17 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/09/17 13:48:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/17 13:48:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/17 13:48:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/17 13:48:26 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/17 13:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/09/15 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\fontconfig [2012/09/15 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\gegl-0.2 [2012/09/15 22:26:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\.gimp-2.8 [2012/09/15 22:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012/09/15 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Oberstufe_Bewerbung [2012/09/15 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{648658F6-667E-419B-BEDA-8F16A2F92A31} [2012/09/14 17:07:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/09/14 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\vom Stick [2012/09/12 18:10:01 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\FIFA 12 [2012/09/12 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FIFA 12 [2012/09/12 17:17:54 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\CrashRpt [2012/09/12 16:01:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 16:01:49 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 16:01:48 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 16:01:48 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/11 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free MP4 to AVI Converter [2012/09/11 16:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pazera-software [2012/09/10 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle [2012/09/10 20:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Downloaded Installations [2012/09/10 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\{7468D293-9D03-4BEC-8C37-56DE9E712827} [2012/09/10 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Youtube [2012/09/09 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\Flight Simulator X Files [2012/09/09 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/09/09 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2012/09/09 19:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2012/09/09 18:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012/09/09 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO [2012/09/09 18:51:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/09/09 18:51:22 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/09 10:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/09 10:33:58 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/09 10:33:58 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/09 10:30:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000UA.job [2012/10/09 10:25:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/09 10:25:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/09 10:25:37 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys [2012/10/09 10:12:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/09 09:57:26 | 000,538,327 | ---- | M] () -- C:\Users\Jonas\Desktop\adwcleaner.exe [2012/10/08 22:42:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/10/08 19:20:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jonas\Desktop\dds.com [2012/10/08 18:30:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684478495-2098680302-1758085873-1000Core.job [2012/10/08 18:28:20 | 000,000,512 | ---- | M] () -- C:\Users\Jonas\Desktop\MBR.dat [2012/10/08 17:52:05 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jonas\Desktop\tdsskiller.exe [2012/10/08 17:47:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jonas\Desktop\aswMBR.exe [2012/10/08 17:46:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012/10/07 21:59:43 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/10/07 21:58:41 | 001,498,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/10/07 21:58:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/07 21:58:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/07 21:58:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/07 21:58:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/06 20:08:18 | 000,001,432 | ---- | M] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (Basic-Version).lnk [2012/10/06 20:08:18 | 000,001,425 | ---- | M] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (High-Version).lnk [2012/10/06 11:16:19 | 000,131,944 | ---- | M] () -- C:\Users\Jonas\Desktop\Deutschprojekt.avi.sfk [2012/10/05 14:19:22 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk [2012/10/05 13:53:13 | 000,013,508 | ---- | M] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gm81 [2012/10/04 22:29:08 | 000,011,747 | ---- | M] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gb1 [2012/10/03 16:19:59 | 000,000,014 | ---- | M] () -- C:\end [2012/10/02 22:07:37 | 000,007,625 | ---- | M] () -- C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg [2012/10/02 21:29:36 | 001,332,248 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfk [2012/10/02 21:20:55 | 170,519,576 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfap0 [2012/10/02 21:04:19 | 2494,600,995 | ---- | M] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv [2012/10/01 18:46:16 | 000,008,680 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfk [2012/10/01 18:44:52 | 001,102,232 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfap0 [2012/10/01 18:41:13 | 001,680,597 | ---- | M] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv [2012/10/01 17:21:57 | 000,116,268 | ---- | M] () -- C:\Users\Jonas\Desktop\Fernsehturm-Duesseldorf-a18252073.jpg [2012/10/01 16:22:05 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/09/29 15:55:51 | 000,000,421 | ---- | M] () -- C:\Users\Jonas\Documents\Visitenkarte_JH.v2m [2012/09/29 13:57:45 | 000,001,191 | ---- | M] () -- C:\Users\Jonas\Desktop\Visitenkarten In 2 Minuten.lnk [2012/09/28 20:41:02 | 000,085,619 | ---- | M] () -- C:\Users\Jonas\Desktop\Namensschild.c4d [2012/09/28 20:18:18 | 000,972,932 | ---- | M] () -- C:\Users\Jonas\Desktop\WalserwegIcon.tif [2012/09/28 20:14:00 | 000,019,861 | ---- | M] () -- C:\Users\Jonas\Desktop\mountains-hi.png [2012/09/28 20:02:49 | 000,000,835 | ---- | M] () -- C:\Users\Jonas\Desktop\16.9WEIßwp.jpg [2012/09/28 19:36:18 | 000,002,741 | ---- | M] () -- C:\Users\Jonas\Desktop\icon_big_berge.png [2012/09/28 19:25:09 | 000,809,688 | ---- | M] () -- C:\Users\Jonas\Documents\DerWalserwegDerFilm.veg [2012/09/28 19:24:41 | 000,809,688 | ---- | M] () -- C:\Users\Jonas\Documents\DerWalserwegDerFilm.veg.bak [2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/09/23 21:19:56 | 169,015,127 | ---- | M] () -- C:\Users\Jonas\Desktop\iPhone 4 - Test HD - Deutsch_German.mp4 [2012/09/22 14:54:39 | 000,006,560 | ---- | M] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel [2012/09/22 13:15:12 | 005,058,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/09/21 15:12:46 | 000,152,284 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2012/09/18 21:00:58 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B4.LCS [2012/09/17 13:48:20 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/17 13:48:20 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012/09/17 13:48:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/17 13:48:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/17 13:48:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/17 13:48:20 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/14 17:07:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/09/14 13:37:47 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI [2012/09/13 15:52:59 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/09/13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/09/10 20:48:24 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012/09/10 20:47:36 | 000,022,440 | ---- | M] () -- C:\Users\Jonas\Documents\KommaFavouAbonnDanke_bearb.veg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/09 09:57:29 | 000,538,327 | ---- | C] () -- C:\Users\Jonas\Desktop\adwcleaner.exe [2012/10/08 21:55:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/08 21:55:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/08 21:55:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/08 21:55:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/08 21:55:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/08 18:28:20 | 000,000,512 | ---- | C] () -- C:\Users\Jonas\Desktop\MBR.dat [2012/10/07 21:59:43 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/10/06 20:08:18 | 000,001,432 | ---- | C] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (Basic-Version).lnk [2012/10/06 20:08:18 | 000,001,425 | ---- | C] () -- C:\Users\Jonas\Desktop\Bus-Simulator 2012 (High-Version).lnk [2012/10/06 11:10:51 | 000,131,944 | ---- | C] () -- C:\Users\Jonas\Desktop\Deutschprojekt.avi.sfk [2012/10/05 14:19:22 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk [2012/10/04 20:43:04 | 000,013,508 | ---- | C] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gm81 [2012/10/04 20:43:04 | 000,011,747 | ---- | C] () -- C:\Users\Jonas\Documents\Erstes_PCSpiel.Jonas.gb1 [2012/10/03 16:19:36 | 000,000,014 | ---- | C] () -- C:\end [2012/10/03 16:19:36 | 000,000,014 | ---- | C] () -- \end [2012/10/02 22:07:37 | 000,007,625 | ---- | C] () -- C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg [2012/10/02 20:08:26 | 2494,600,995 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv [2012/10/01 18:45:32 | 000,008,680 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfk [2012/10/01 18:44:55 | 001,332,248 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfk [2012/10/01 18:43:10 | 170,519,576 | ---- | C] () -- C:\Users\Jonas\Desktop\Duesseldorfer_Fernsehturm_30.09.12_Dateien.wmv.sfap0 [2012/10/01 18:43:10 | 001,102,232 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv.sfap0 [2012/10/01 18:40:49 | 001,680,597 | ---- | C] () -- C:\Users\Jonas\Desktop\Intro_Duesseldorfer_Fernsehturm.wmv [2012/10/01 17:21:49 | 000,116,268 | ---- | C] () -- C:\Users\Jonas\Desktop\Fernsehturm-Duesseldorf-a18252073.jpg [2012/10/01 16:22:05 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/09/29 15:55:51 | 000,000,421 | ---- | C] () -- C:\Users\Jonas\Documents\Visitenkarte_JH.v2m [2012/09/29 13:57:45 | 000,001,191 | ---- | C] () -- C:\Users\Jonas\Desktop\Visitenkarten In 2 Minuten.lnk [2012/09/28 20:41:02 | 000,085,619 | ---- | C] () -- C:\Users\Jonas\Desktop\Namensschild.c4d [2012/09/28 20:18:18 | 000,972,932 | ---- | C] () -- C:\Users\Jonas\Desktop\WalserwegIcon.tif [2012/09/28 20:14:00 | 000,019,861 | ---- | C] () -- C:\Users\Jonas\Desktop\mountains-hi.png [2012/09/28 20:02:49 | 000,000,835 | ---- | C] () -- C:\Users\Jonas\Desktop\16.9WEIßwp.jpg [2012/09/28 19:36:17 | 000,002,741 | ---- | C] () -- C:\Users\Jonas\Desktop\icon_big_berge.png [2012/09/28 14:06:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/09/23 21:13:00 | 169,015,127 | ---- | C] () -- C:\Users\Jonas\Desktop\iPhone 4 - Test HD - Deutsch_German.mp4 [2012/09/22 14:54:39 | 000,006,560 | ---- | C] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel [2012/09/21 15:12:46 | 000,152,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/09/18 20:58:04 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000017B4.LCS [2012/09/15 22:26:13 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012/09/14 13:37:46 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012/09/12 18:06:50 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk [2012/09/10 20:48:23 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012/09/10 20:47:36 | 000,022,440 | ---- | C] () -- C:\Users\Jonas\Documents\KommaFavouAbonnDanke_bearb.veg [2012/08/31 15:52:40 | 000,008,192 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/30 01:15:30 | 003,782,214 | ---- | C] () -- \chatzum_nt.exe [2012/06/16 12:54:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/01/06 11:48:02 | 000,000,121 | ---- | C] () -- \RunDism.bat [2010/11/16 19:38:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2010/11/16 19:38:50 | 000,000,000 | RHS- | C] () -- \IO.SYS [2010/07/16 12:21:33 | 000,171,136 | RHS- | C] () -- \w7ldr [2009/11/07 00:12:32 | 000,003,839 | RHS- | C] () -- \Patch.rev [2009/11/06 15:24:28 | 3217,235,968 | -HS- | C] () -- \hiberfil.sys [2009/08/22 08:01:21 | 000,000,212 | RHS- | C] () -- \Preload.rev [2009/07/27 22:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009/07/27 22:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr [2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys [2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012/10/07 08:18:40 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2012/10/07 08:18:40 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 980 bytes -> C:\ProgramData\Microsoft:bFoGjZwR6S3gcbacqfsA4 @Alternate Data Stream - 975 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:yAK9ddzapcQegcs3aYBO @Alternate Data Stream - 1200 bytes -> C:\ProgramData\Microsoft:xGE3NTMxV4ye5D1WpRO @Alternate Data Stream - 1067 bytes -> C:\ProgramData\Microsoft:SmWSlDY5XD5NAN2zkN < End of report > --- --- --- Der 2. Bericht (Extras.txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09/10/2012 10:33:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,60% Memory free
7,99 Gb Paging File | 6,07 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249,80 Gb Total Space | 43,35 Gb Free Space | 17,36% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,17 Mb Free Space | 70,17% Space Free | Partition Type: NTFS
Drive E: | 106,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{356785F8-70F0-472A-A47D-6C4348957AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF5F8C88-01A9-40DB-9C6D-5D9726F7D1C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}" = Garmin Communicator Plugin x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10AF4EF8-4E0B-4BF8-9FA5-D43A4F19FFD8}" = Heyer's Video-Cover 4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E883466C-77EC-44AC-8EC8-417A4A16AB3F}" = Garmin Communicator Plugin
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"devkitProUpdater" = devkitProUpdater 1.5.3
"DVDStyler_is1" = DVDStyler v2.2
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.14.627
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.2.706
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.825
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.825
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"loadtbs-3.0" = loadtbs-3.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Unity" = Unity
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08/10/2012 11:44:30 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 08/10/2012 11:57:28 | Computer Name = Jonas-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b98 Startzeit:
01cda56d31c86501 Endzeit: 24 Anwendungspfad: C:\Users\Jonas\Desktop\OTL.exe Berichts-ID:
d8354282-1160-11e2-ba64-00262d631707
Error - 08/10/2012 12:03:13 | Computer Name = Jonas-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12d4 Startzeit:
01cda56e179a0558 Endzeit: 4 Anwendungspfad: C:\Users\Jonas\Desktop\OTL.exe Berichts-ID:
a7bb77a7-1161-11e2-ba64-00262d631707
Error - 08/10/2012 12:12:55 | Computer Name = Jonas-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 08/10/2012 15:55:42 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 08/10/2012 16:42:46 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3fa
Error - 08/10/2012 16:43:42 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 09/10/2012 03:01:07 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
Error - 09/10/2012 03:22:18 | Computer Name = Jonas-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09/10/2012 04:27:25 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 08/10/2012 16:35:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:36:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:37:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:38:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:39:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:39:05 | Computer Name = Jonas-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 08/10/2012 16:40:00 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08/10/2012 16:40:11 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 08/10/2012 16:44:02 | Computer Name = Jonas-PC | Source = DCOM | ID = 10010
Description =
Error - 09/10/2012 04:23:46 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Geändert von F4c3d0wn (09.10.2012 um 10:04 Uhr) |
|
| Themen zu Computer öffnet unaufgefordert Seiten und komischer Virus gefunden |
| acer, acer aspire, anderes, antivirenprogramm, avira, avira echtzeitscanner, computer, entfernen, folge, google, internet, internetseite, klicke, komisch, laptop, meldung, problem, programm, recycle.bin, scan, scanner, seite, seiten, seiten geöffnet, sekunden, seltsame, suchergebnisse, tr/atraps.gen, trojaner, virus, warum, öffnet |
Linear-Darstellung
