
Pests of all kinds and how to fight them: AntiVir no longer works


31.05.2014, 18:14   #1
thomasN
 

AntiVir no longer works



Hello,

I have my father's laptop here; his AntiVir no longer works. It can neither be started nor uninstalled.

In addition, a message appears at boot: RegSvr32 - Datei "" nicht gefunden.

I ran Defogger and FRST, see below. I also downloaded GMER. At first the scan ran, but the log file could not be saved. When I start the scan again now, GMER always crashes. For the error message, also see below.

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:31 on 31/05/2014 (egon)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Quote:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014
Ran by egon (administrator) on EGON-PC on 31-05-2014 14:34:55
Running from C:\Users\egon\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(AMD) C:\Windows\System32\SafeRemoveDialog.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-10-15] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2008-10-15] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-11-28] (Google Inc.)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ItahIzev] => regsvr32.exe "
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\egon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t0rfrh1.lnk
ShortcutTarget: 7t0rfrh1.lnk -> C:\ProgramData\1hrfr0t7.dss (Корпорация Майкрософт)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F9861FF4-192B-4A13-B9CB-D6F2908292EA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f76c1239-b989-46a6-8bcf-19e0f2fc73ff&apn_sauid=896FFEED-5BC5-49C6-8253-E5B072046855
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google-Suche) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Google Mail) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 Dnscache; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 SafeRemove; C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe [147456 2008-07-07] (AMD)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 Update-Service; C:\Windows\System32\UpdSvc.dll [114000 2011-12-25] (Joosoft.com GmbH)
S2 Winmgmt; C:\ProgramData\1hrfr0t7.dss [221184 2013-11-20] (Корпорация Майкрософт)

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-02] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 14:34 - 2014-05-31 14:36 - 00015349 _____ () C:\Users\egon\Desktop\FRST.txt
2014-05-31 14:34 - 2014-05-31 14:34 - 00000000 ____D () C:\FRST
2014-05-31 14:33 - 2014-05-31 14:33 - 01056256 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-05-31 14:31 - 2014-05-31 14:32 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-15 20:21 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:17 - 2014-05-05 20:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2014-05-31 14:36 - 2014-05-31 14:34 - 00015349 _____ () C:\Users\egon\Desktop\FRST.txt
2014-05-31 14:36 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon\AppData\Local\Temp
2014-05-31 14:35 - 2008-10-15 20:38 - 01278040 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 14:34 - 2014-05-31 14:34 - 00000000 ____D () C:\FRST
2014-05-31 14:33 - 2014-05-31 14:33 - 01056256 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-05-31 14:32 - 2014-05-31 14:31 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:31 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-31 14:26 - 2008-12-25 16:07 - 00002735 _____ () C:\Users\egon\Desktop\Microsoft Office Outlook 2007.lnk
2014-05-31 14:22 - 2009-12-19 14:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 14:21 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 14:21 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:21 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:20 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 14:16 - 2009-12-19 14:18 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 22:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-30 19:29 - 2012-10-20 14:17 - 00000000 ____D () C:\Windows\pss
2014-05-30 19:23 - 2013-02-23 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-30 19:23 - 2013-02-23 21:22 - 00000000 ____D () C:\Program Files\Avira
2014-05-30 19:20 - 2013-02-23 21:22 - 00000000 ____D () C:\ProgramData\Avira
2014-05-30 19:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-30 19:19 - 2006-11-02 12:33 - 01586296 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 19:14 - 2008-12-25 16:02 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-30 18:56 - 2013-05-12 16:21 - 00000000 ____D () C:\Users\egon\AppData\Roaming\IrfanView
2014-05-30 18:00 - 2008-11-14 17:21 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job
2014-05-30 17:56 - 2008-10-15 22:53 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-27 15:45 - 2008-01-21 04:47 - 00301752 _____ () C:\Windows\PFRO.log
2014-05-27 15:38 - 2013-02-23 21:22 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:38 - 2013-02-23 21:22 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 10:44 - 2009-03-24 18:29 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-22 17:04 - 2010-07-10 17:26 - 00000000 ____D () C:\Users\egon\Documents\freewayprogramm
2014-05-20 20:03 - 2009-01-08 20:22 - 00012350 _____ () C:\Users\egon\Desktop\Volksmusik Musik Radio Webradio Internetradio Netradio.url
2014-05-15 20:32 - 2013-08-14 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:28 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-08 20:17 - 2009-05-07 18:15 - 00000162 _____ () C:\Users\egon\Desktop\eBay Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr – alles zu günstigen Preisen.url
2014-05-05 21:31 - 2014-05-15 20:17 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:31 - 2014-05-15 20:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:47 - 2014-05-15 20:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Files to move or delete:
====================
C:\ProgramData\1hrfr0t7.dss
C:\ProgramData\7t0rfrh1.bxx
C:\ProgramData\7t0rfrh1.fvv
C:\ProgramData\7t0rfrh1.reg


Some content of TEMP:
====================
C:\Users\egon\AppData\Local\Temp\avgnt.exe
C:\Users\egon\AppData\Local\Temp\iv_uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 14:30

==================== End Of Log ============================
Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-05-2014
Ran by egon at 2014-05-31 14:36:21
Running from C:\Users\egon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.18.0 - Ask.com) <==== ATTENTION
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0006 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.8 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.01 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0021 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0034 - ATK)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0001 - ASUS)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37268 - Ask.com) <==== ATTENTION
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0429.2146.37034 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Czech (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Danish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Dutch (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help English (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Finnish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help French (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help German (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Greek (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Italian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Japanese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Korean (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Polish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Russian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Spanish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Swedish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Thai (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Turkish (Version: 2008.0429.2145.37034 - ATI) Hidden
ccc-core-static (Version: 2008.0429.2146.37034 - ATI) Hidden
ccc-utility (Version: 2008.0429.2146.37034 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dolby Control Center (HKLM\...\{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}) (Version: 1.1.0503 - Dolby)
easyFly 4 (HKCU\...\{09696666-CB70-4056-A504-D916D92933E2}) (Version: 4.0.1.3 - IPACS)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.8.0.3 - devicevm)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
J4680 (Version: 50.0.165.000 - Ihr Firmenname) Hidden
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Network (Version: 110.0.180.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5645 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Safely Remove Disk Drive (HKLM\...\InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}) (Version: 1.0.1540.3 - AMD)
Safely Remove Disk Drive (Version: 1.0.1540.3 - AMD) Hidden
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Skins (Version: 2008.0429.2146.37034 - ATI) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Suite (Version: 1.00.0000 - CyberLink Corp.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {350B4B60-6E3D-4DE1-8E63-3B0157FF3E0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EB8A74D-6CD6-467B-B244-6A647B72A47E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {54A8E72B-9795-4A47-9265-9797A4027845} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {65410507-DAB8-48F8-8ECA-575CF3EA65D2} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {7713D6DB-9E61-4C05-A3FC-110DA9AD1FBB} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {774D5AD6-AB4B-45C6-B4BC-BB282EE77AA1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {9296E7A1-9B23-4FA1-A78B-75FD0FFC79BF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {A16E19E4-FB30-4290-B337-7BC3E97E4D4F} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-13] (Google)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FF8F6342-6737-4B66-9ACF-9C44CE227793} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FFF5FF0A-CD57-4674-BB7C-B0CEB77750C9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - egon => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-10-15 22:41 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-10-15 22:19 - 2007-10-03 06:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-10-15 22:42 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-10-15 22:46 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-10-15 22:46 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-10-15 22:46 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-10-15 22:46 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-10-15 22:46 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-10-15 22:46 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-10-15 22:46 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-04-30 00:00 - 2008-04-30 00:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-10-15 22:41 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-10-15 22:41 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-10-15 22:41 - 2007-08-08 11:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-10-15 22:19 - 2008-01-12 07:40 - 00098304 _____ () C:\Program Files\ATK Hotkey\HControlUser.exe
2008-10-15 22:19 - 2007-11-13 00:41 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTran.dll
2008-10-15 22:49 - 2008-10-15 22:49 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-10-15 22:19 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-10-15 22:19 - 2007-11-05 04:48 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTranAgt.exe
2008-10-15 22:27 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-12 01:34 - 2008-07-12 01:34 - 00010240 _____ () C:\Program Files\P4G\DevMng.dll
2008-07-18 05:56 - 2008-07-18 05:56 - 00015360 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-15 22:42 - 2007-03-10 01:16 - 00106496 _____ () C:\Program Files\ATKGFNEX\AGFNEX.dll
2007-07-10 07:48 - 2007-07-10 07:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2008-10-15 22:43 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-10-15 22:19 - 2007-12-04 19:57 - 02486272 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-10-15 22:19 - 2007-08-15 20:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-10-15 22:19 - 2008-01-23 19:51 - 00151552 _____ () C:\Program Files\ATK Hotkey\WDC.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 02:19:48 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/31/2014 02:13:00 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2014 11:26:26 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2014 07:44:53 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2014 07:23:08 PM) (Source: MsiInstaller) (EventID: 11920) (User: egon-PC)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.

Error: (05/30/2014 07:22:33 PM) (Source: MsiInstaller) (EventID: 11920) (User: egon-PC)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.

Error: (05/30/2014 07:21:20 PM) (Source: MsiInstaller) (EventID: 11920) (User: egon-PC)
Description: Product: Avira -- Error 1920. Service 'Avira Service Host' (Avira.OE.ServiceHost) failed to start. Verify that you have sufficient privileges to start system services.

Error: (05/28/2014 10:34:52 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/25/2014 00:27:53 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/22/2014 10:25:22 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (05/31/2014 02:26:38 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (05/31/2014 02:25:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/31/2014 02:25:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/31/2014 02:24:34 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding2{73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (05/31/2014 02:22:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2014 02:19:47 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (05/31/2014 02:17:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/31/2014 02:17:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/31/2014 02:15:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/31/2014 02:04:33 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding2{73C9DFA0-750D-11E1-B0C4-0800200C9A66}


Microsoft Office Sessions:
=========================
Error: (03/10/2014 08:27:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1439 seconds with 660 seconds of active time. This session ended with a crash.

Error: (11/18/2013 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/19/2012 07:59:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/17/2012 06:46:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2009-10-31 17:03:01.180
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-31 17:03:01.102
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-31 17:03:01.024
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-31 17:03:00.931
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-31 17:03:00.853
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-27 20:03:21.626
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-27 20:03:21.549
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-27 20:03:21.468
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-27 20:03:21.387
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2009-10-27 20:03:21.245
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3326.2 MB
Available physical RAM: 1946.41 MB
Total Pagefile: 6850.9 MB
Available Pagefile: 5453.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.3 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:66.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:94.75 GB) NTFS
Drive f: () (Removable) (Total:7.47 GB) (Free:7.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 2675AED4)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
Quote:
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: fz6jr33b.exe
Anwendungsversion: 2.1.19357.0
Anwendungszeitstempel: 52e7ea83
Fehlermodulname: fz6jr33b.exe
Fehlermodulversion: 2.1.19357.0
Fehlermodulzeitstempel: 52e7ea83
Ausnahmecode: c0000005
Ausnahmeoffset: 00012298
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 1a87
Zusatzinformation 2: a5e187f67f15f99011f44e204f1daedc
Zusatzinformation 3: 3da2
Zusatzinformation 4: cf1bac0d56d6ad48d10291eb5501b0c2
It would be great if someone here could help me out once again.

31.05.2014, 18:17   #2
M-K-D-B
/// TB instructor






My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the machine.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used are to be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!





Oh man, you have caught quite a lot there...

We'll start like this:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


31.05.2014, 18:42   #3
thomasN



Hi Matthias,

thanks for the quick reply.

As I said, it is my 72-year-old father's laptop, no idea what he did there :-)

I downloaded Combofix and ran it. It then displayed a message that I should perform a system restore. I did that as well.

I then started Combofix again. The message came up that I should disable Antivir. But that isn't possible, since Antivir no longer responds.

Should I let Combofix run anyway? It says there that this may possibly damage the computer?!

Regards, Thomas

31.05.2014, 19:09   #4
M-K-D-B
/// TB instructor



Quote:
Quote from thomasN
Should I let Combofix run anyway? It says there that this may possibly damage the computer?!
Yes, let it run, the system restore has been done after all.

Greetings from Bavaria
M-K-D-B

31.05.2014, 20:11   #5
thomasN



Unfortunately, a message came up afterwards saying that the system restore was not completed successfully.

Reason: "Der Wiederherstellungspunkt wurde während der Wiederherstellung beschädigt oder gelöscht."

I also tried older restore points, likewise without success.

So I can't get Combofix to run


31.05.2014, 20:23   #6
M-K-D-B
/// TB instructor



Hello,

OK, no problem. Then we'll do it differently:

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
start
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ItahIzev] => regsvr32.exe "
Startup: C:\Users\egon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t0rfrh1.lnk
ShortcutTarget: 7t0rfrh1.lnk -> C:\ProgramData\1hrfr0t7.dss (Корпорация Майкрософт)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F9861FF4-192B-4A13-B9CB-D6F2908292EA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f76c1239-b989-46a6-8bcf-19e0f2fc73ff&apn_sauid=896FFEED-5BC5-49C6-8253-E5B072046855
R2 Update-Service; C:\Windows\System32\UpdSvc.dll [114000 2011-12-25] (Joosoft.com GmbH)
S2 Winmgmt; C:\ProgramData\1hrfr0t7.dss [221184 2013-11-20] (Корпорация Майкрософт)
C:\Windows\System32\UpdSvc.dll
C:\ProgramData\1hrfr0t7.dss
C:\ProgramData\7t0rfrh1.bxx
C:\ProgramData\7t0rfrh1.fvv
C:\ProgramData\7t0rfrh1.reg
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.






Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 3

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 4
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 5
  • Start FRST.exe again. Tick the box next to Addition and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files to me with your next reply.





Please post with your next reply
  • the log file of the FRST fix,
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from MBAM,
  • the two new log files from FRST.

01.06.2014, 13:41   #7
thomasN



So, here are the logs:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-06-2014
Ran by egon at 2014-06-01 12:58:41 Run:1
Running from C:\Users\egon\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ItahIzev] => regsvr32.exe "
Startup: C:\Users\egon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t0rfrh1.lnk
ShortcutTarget: 7t0rfrh1.lnk -> C:\ProgramData\1hrfr0t7.dss (?????????? ??????????)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F9861FF4-192B-4A13-B9CB-D6F2908292EA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f76c1239-b989-46a6-8bcf-19e0f2fc73ff&apn_sauid=896FFEED-5BC5-49C6-8253-E5B072046855
R2 Update-Service; C:\Windows\System32\UpdSvc.dll [114000 2011-12-25] (Joosoft.com GmbH)
S2 Winmgmt; C:\ProgramData\1hrfr0t7.dss [221184 2013-11-20] (?????????? ??????????)
C:\Windows\System32\UpdSvc.dll
C:\ProgramData\1hrfr0t7.dss
C:\ProgramData\7t0rfrh1.bxx
C:\ProgramData\7t0rfrh1.fvv
C:\ProgramData\7t0rfrh1.reg
Reboot:
end

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ItahIzev => Value deleted successfully.
C:\Users\egon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t0rfrh1.lnk => Moved successfully.
C:\ProgramData\1hrfr0t7.dss => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9861FF4-192B-4A13-B9CB-D6F2908292EA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F9861FF4-192B-4A13-B9CB-D6F2908292EA} => Key not found.
Update-Service => Service stopped successfully.
Update-Service => Service deleted successfully.
Winmgmt => Service restored successfully.
C:\Windows\System32\UpdSvc.dll => Moved successfully.
"C:\ProgramData\1hrfr0t7.dss" => File/Directory not found.
C:\ProgramData\7t0rfrh1.bxx => Moved successfully.
C:\ProgramData\7t0rfrh1.fvv => Moved successfully.
C:\ProgramData\7t0rfrh1.reg => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
# AdwCleaner v3.211 - Bericht erstellt am 01/06/2014 um 13:42:40
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : egon - EGON-PC
# Gestartet von : C:\Users\egon\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\egon\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\egon\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\egon\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\egon\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7713D6DB-9E61-4C05-A3FC-110DA9AD1FBB}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7713D6DB-9E61-4C05-A3FC-110DA9AD1FBB}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16E19E4-FB30-4290-B337-7BC3E97E4D4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19518


-\\ Google Chrome v

[ Datei : C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8654 octets] - [01/06/2014 13:41:20]
AdwCleaner[S0].txt - [8520 octets] - [01/06/2014 13:42:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8580 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by egon on 01.06.2014 at 13:53:26,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\wiseconvert"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2014 at 13:58:05,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.06.2014
Suchlauf-Zeit: 14:06:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.01.04
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: egon

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 244234
Verstrichene Zeit: 16 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
Trojan.Ransom.ED, C:\Users\egon\AppData\Local\Temp\1hrfr0t7.dss, In Quarantäne, [4efacca7017ac86ed27393a3a45d1ae6], 
Trojan.Ransom.ED, C:\Users\egon\AppData\Local\Temp\Low\mPXT.dll, In Quarantäne, [58f08de60d6e033375d06bcb709135cb], 
Trojan.Ransom.ED, C:\Windows\Temp\1hrfr0t7.dss, In Quarantäne, [62e63f345e1d142255f0a492976ac43c], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014
Ran by egon at 2014-06-01 14:34:45
Running from C:\Users\egon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0006 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.8 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.01 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0021 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0034 - ATK)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0001 - ASUS)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0429.2146.37034 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Czech (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Danish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Dutch (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help English (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Finnish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help French (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help German (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Greek (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Italian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Japanese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Korean (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Polish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Russian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Spanish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Swedish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Thai (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Turkish (Version: 2008.0429.2145.37034 - ATI) Hidden
ccc-core-static (Version: 2008.0429.2146.37034 - ATI) Hidden
ccc-utility (Version: 2008.0429.2146.37034 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dolby Control Center (HKLM\...\{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}) (Version: 1.1.0503 - Dolby)
easyFly 4 (HKCU\...\{09696666-CB70-4056-A504-D916D92933E2}) (Version: 4.0.1.3 - IPACS)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.8.0.3 - devicevm)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
J4680 (Version: 50.0.165.000 - Ihr Firmenname) Hidden
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Network (Version: 110.0.180.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5645 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Safely Remove Disk Drive (HKLM\...\InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}) (Version: 1.0.1540.3 - AMD)
Safely Remove Disk Drive (Version: 1.0.1540.3 - AMD) Hidden
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Skins (Version: 2008.0429.2146.37034 - ATI) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Suite (Version: 1.00.0000 - CyberLink Corp.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)

==================== Restore Points  =========================

17-05-2014 19:22:27 Geplanter Prüfpunkt
18-05-2014 20:38:31 Geplanter Prüfpunkt
21-05-2014 18:04:38 Windows Update
26-05-2014 16:24:46 Geplanter Prüfpunkt
27-05-2014 16:16:23 Geplanter Prüfpunkt
30-05-2014 16:12:03 Windows Update
31-05-2014 12:09:15 Removed Avira SearchFree Toolbar plus Web Protection.
31-05-2014 12:16:51 Removed Avira SearchFree Toolbar plus Web Protection.
31-05-2014 17:27:52 Wiederherstellungsvorgang
31-05-2014 18:40:18 Wiederherstellungsvorgang
31-05-2014 18:49:55 Wiederherstellungsvorgang
01-06-2014 10:55:56 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {350B4B60-6E3D-4DE1-8E63-3B0157FF3E0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EB8A74D-6CD6-467B-B244-6A647B72A47E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {54A8E72B-9795-4A47-9265-9797A4027845} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {65410507-DAB8-48F8-8ECA-575CF3EA65D2} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {774D5AD6-AB4B-45C6-B4BC-BB282EE77AA1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {9296E7A1-9B23-4FA1-A78B-75FD0FFC79BF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {B341CEBC-9DD2-4901-AFDE-B729CB019449} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - egon => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FF8F6342-6737-4B66-9ACF-9C44CE227793} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-10-15 22:41 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-10-15 22:19 - 2007-10-03 06:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-10-15 22:42 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-10-15 22:46 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-10-15 22:46 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-10-15 22:46 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-10-15 22:46 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-10-15 22:46 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-10-15 22:46 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-10-15 22:46 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-04-30 00:00 - 2008-04-30 00:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-10-15 22:41 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-10-15 22:41 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-02-04 22:29 - 2008-02-04 22:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-10-15 22:43 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-10-15 22:19 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-10-15 22:19 - 2007-11-05 04:48 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTranAgt.exe
2008-10-15 22:27 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-12 01:34 - 2008-07-12 01:34 - 00010240 _____ () C:\Program Files\P4G\DevMng.dll
2008-07-18 05:56 - 2008-07-18 05:56 - 00015360 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-15 22:42 - 2007-03-10 01:16 - 00106496 _____ () C:\Program Files\ATKGFNEX\AGFNEX.dll
2007-07-10 07:48 - 2007-07-10 07:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2008-10-15 22:19 - 2007-12-04 19:57 - 02486272 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-10-15 22:19 - 2007-08-15 20:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-10-15 22:19 - 2008-01-23 19:51 - 00151552 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-10-15 22:19 - 2008-01-12 07:40 - 00098304 _____ () C:\Program Files\ATK Hotkey\HControlUser.exe
2008-10-15 22:19 - 2007-11-13 00:41 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTran.dll
2008-10-15 22:49 - 2008-10-15 22:49 - 00033136 _____ () C:\Windows\ASScrPro.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: HP Officejet J4680
Description: HP Officejet J4680
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 02:27:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/01/2014 02:31:51 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: ComputerbrowserLanmanWorkstation

Error: (06/01/2014 02:30:08 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/01/2014 02:27:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (06/01/2014 02:27:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: ComputerbrowserLanmanWorkstation

Error: (06/01/2014 02:27:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: DNS-Client%%2

Error: (06/01/2014 02:26:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/01/2014 02:25:51 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402


Microsoft Office Sessions:
=========================
Error: (03/10/2014 08:27:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1439 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (11/18/2013 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2012 07:59:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/17/2012 06:46:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-01 14:34:39.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:38.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:37.665
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:37.072
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:36.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:35.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:35.247
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:34.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:33.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-01 14:34:33.203
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3326.2 MB
Available physical RAM: 2064.14 MB
Total Pagefile: 6848.9 MB
Available Pagefile: 5625.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.92 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:66.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:94.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014
Ran by egon (administrator) on EGON-PC on 01-06-2014 14:33:02
Running from C:\Users\egon\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(AMD) C:\Windows\System32\SafeRemoveDialog.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-10-15] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2008-10-15] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-11-28] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google-Suche) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Google Mail) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 Dnscache; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 SafeRemove; C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe [147456 2008-07-07] (AMD)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-02] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 14:32 - 2014-06-01 14:32 - 00001468 _____ () C:\Users\egon\Desktop\mbam.txt
2014-06-01 14:04 - 2014-06-01 14:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 14:04 - 2014-06-01 14:04 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-01 14:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-01 14:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-01 14:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-01 14:03 - 2014-06-01 14:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-01 13:58 - 2014-06-01 13:58 - 00000977 _____ () C:\Users\egon\Desktop\JRT.txt
2014-06-01 13:53 - 2014-06-01 14:24 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 13:52 - 2014-06-01 13:52 - 01016261 _____ (Thisisu) C:\Users\egon\Desktop\JRT.exe
2014-06-01 13:46 - 2014-06-01 13:46 - 00008660 _____ () C:\Users\egon\Desktop\AdwCleaner[S0].txt
2014-06-01 13:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-01 13:41 - 2014-06-01 13:42 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:39 - 2014-06-01 13:39 - 01327971 _____ () C:\Users\egon\Desktop\adwcleaner_3.211.exe
2014-06-01 12:58 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\egon\Desktop\FRST-OlderVersion
2014-05-31 21:31 - 2014-05-31 21:31 - 00000000 ___SD () C:\ComboFix
2014-05-31 19:24 - 2014-05-31 19:24 - 00000000 ____D () C:\Qoobox
2014-05-31 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 19:22 - 2014-05-31 21:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-31 19:22 - 2014-05-31 19:22 - 05203398 ____R (Swearware) C:\Users\egon\Desktop\ComboFix.exe
2014-05-31 19:22 - 2014-05-31 19:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 19:01 - 2014-05-31 19:01 - 00000554 _____ () C:\Users\egon\Desktop\Problemsignatur.txt
2014-05-31 18:35 - 2014-05-31 18:35 - 291155312 _____ () C:\Windows\MEMORY.DMP
2014-05-31 18:35 - 2014-05-31 18:35 - 00143544 _____ () C:\Windows\Minidump\Mini053114-01.dmp
2014-05-31 18:35 - 2014-05-31 18:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 15:50 - 2014-05-31 15:50 - 00380416 _____ () C:\Users\egon\Desktop\fz6jr33b.exe
2014-05-31 14:36 - 2014-05-31 14:42 - 00031347 _____ () C:\Users\egon\Desktop\Addition.txt
2014-05-31 14:34 - 2014-06-01 14:33 - 00012135 _____ () C:\Users\egon\Desktop\FRST.txt
2014-05-31 14:34 - 2014-06-01 14:33 - 00000000 ____D () C:\FRST
2014-05-31 14:33 - 2014-06-01 12:58 - 01057792 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-05-31 14:31 - 2014-05-31 14:32 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-15 20:21 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:17 - 2014-05-05 20:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2014-06-01 14:33 - 2014-05-31 14:34 - 00012135 _____ () C:\Users\egon\Desktop\FRST.txt
2014-06-01 14:33 - 2014-05-31 14:34 - 00000000 ____D () C:\FRST
2014-06-01 14:33 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon\AppData\Local\Temp
2014-06-01 14:32 - 2014-06-01 14:32 - 00001468 _____ () C:\Users\egon\Desktop\mbam.txt
2014-06-01 14:31 - 2008-10-15 20:38 - 01560084 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 14:30 - 2014-06-01 14:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 14:26 - 2009-12-19 14:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 14:26 - 2008-10-15 22:53 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-01 14:25 - 2008-01-21 04:47 - 00302818 _____ () C:\Windows\PFRO.log
2014-06-01 14:25 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 14:25 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 14:25 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 14:24 - 2014-06-01 13:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 14:24 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-01 14:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-01 14:15 - 2009-12-19 14:18 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 14:04 - 2014-06-01 14:04 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-01 14:03 - 2014-06-01 14:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-01 13:58 - 2014-06-01 13:58 - 00000977 _____ () C:\Users\egon\Desktop\JRT.txt
2014-06-01 13:52 - 2014-06-01 13:52 - 01016261 _____ (Thisisu) C:\Users\egon\Desktop\JRT.exe
2014-06-01 13:50 - 2006-11-02 12:33 - 01568228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 13:46 - 2014-06-01 13:46 - 00008660 _____ () C:\Users\egon\Desktop\AdwCleaner[S0].txt
2014-06-01 13:42 - 2014-06-01 13:41 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:39 - 2014-06-01 13:39 - 01327971 _____ () C:\Users\egon\Desktop\adwcleaner_3.211.exe
2014-06-01 12:58 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\egon\Desktop\FRST-OlderVersion
2014-06-01 12:58 - 2014-05-31 14:33 - 01057792 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-05-31 21:31 - 2014-05-31 21:31 - 00000000 ___SD () C:\ComboFix
2014-05-31 21:31 - 2014-05-31 19:22 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-31 19:24 - 2014-05-31 19:24 - 00000000 ____D () C:\Qoobox
2014-05-31 19:22 - 2014-05-31 19:22 - 05203398 ____R (Swearware) C:\Users\egon\Desktop\ComboFix.exe
2014-05-31 19:22 - 2014-05-31 19:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 19:01 - 2014-05-31 19:01 - 00000554 _____ () C:\Users\egon\Desktop\Problemsignatur.txt
2014-05-31 19:01 - 2008-12-25 16:08 - 00002631 _____ () C:\Users\egon\Desktop\Microsoft Office Word 2007.lnk
2014-05-31 18:39 - 2008-11-14 17:21 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job
2014-05-31 18:35 - 2014-05-31 18:35 - 291155312 _____ () C:\Windows\MEMORY.DMP
2014-05-31 18:35 - 2014-05-31 18:35 - 00143544 _____ () C:\Windows\Minidump\Mini053114-01.dmp
2014-05-31 18:35 - 2014-05-31 18:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 18:22 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon
2014-05-31 16:34 - 2008-11-15 15:24 - 00000000 ____D () C:\ProgramData\HP
2014-05-31 15:50 - 2014-05-31 15:50 - 00380416 _____ () C:\Users\egon\Desktop\fz6jr33b.exe
2014-05-31 14:42 - 2014-05-31 14:36 - 00031347 _____ () C:\Users\egon\Desktop\Addition.txt
2014-05-31 14:32 - 2014-05-31 14:31 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-31 14:26 - 2008-12-25 16:07 - 00002735 _____ () C:\Users\egon\Desktop\Microsoft Office Outlook 2007.lnk
2014-05-30 19:29 - 2012-10-20 14:17 - 00000000 ____D () C:\Windows\pss
2014-05-30 19:23 - 2013-02-23 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-30 19:23 - 2013-02-23 21:22 - 00000000 ____D () C:\Program Files\Avira
2014-05-30 19:20 - 2013-02-23 21:22 - 00000000 ____D () C:\ProgramData\Avira
2014-05-30 19:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-30 19:14 - 2008-12-25 16:02 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-30 18:56 - 2013-05-12 16:21 - 00000000 ____D () C:\Users\egon\AppData\Roaming\IrfanView
2014-05-27 15:38 - 2013-02-23 21:22 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:38 - 2013-02-23 21:22 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 10:44 - 2009-03-24 18:29 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-22 17:04 - 2010-07-10 17:26 - 00000000 ____D () C:\Users\egon\Documents\freewayprogramm
2014-05-20 20:03 - 2009-01-08 20:22 - 00012350 _____ () C:\Users\egon\Desktop\Volksmusik Musik Radio Webradio Internetradio Netradio.url
2014-05-15 20:32 - 2013-08-14 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:28 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-12 07:26 - 2014-06-01 14:04 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 14:04 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-01 14:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 20:17 - 2009-05-07 18:15 - 00000162 _____ () C:\Users\egon\Desktop\eBay Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr – alles zu günstigen Preisen.url
2014-05-05 21:31 - 2014-05-15 20:17 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:31 - 2014-05-15 20:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:47 - 2014-05-15 20:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Some content of TEMP:
====================
C:\Users\egon\AppData\Local\Temp\avgnt.exe
C:\Users\egon\AppData\Local\Temp\iv_uninstall.exe
C:\Users\egon\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 14:34

==================== End Of Log ============================
         
--- --- ---

02.06.2014, 14:04   #8
M-K-D-B
/// TB trainer
 



If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /900
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
__________________
Greetings from Bavaria
M-K-D-B


02.06.2014, 16:49   #9
thomasN
 



Code:
OTL logfile created on: 02.06.2014 17:33:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\egon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,56% Memory free
6,69 Gb Paging File | 5,33 Gb Available in Paging File | 79,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 66,01 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 94,75 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: EGON-PC | User Name: egon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.06.02 17:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\egon\Desktop\OTL.exe
PRC - [2014.05.27 15:40:03 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.05.27 15:38:34 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2014.05.27 15:38:29 | 000,425,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014.05.27 15:38:07 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.27 15:38:06 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.05.27 15:37:46 | 001,048,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2014.05.27 15:37:46 | 000,392,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.15 22:49:46 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.07.18 06:52:48 | 000,207,416 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.07.15 20:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.07 10:37:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\SafeRemoveDialog.exe
PRC - [2008.07.07 10:37:00 | 000,147,456 | ---- | M] (AMD) -- C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 07:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.03.18 22:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.30 21:58:03 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\df9291edaa44b3049b71043d9c10114a\System.Web.ni.dll
MOD - [2014.05.30 21:57:51 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014.02.12 21:00:33 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014.02.12 21:00:07 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014.02.12 20:59:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014.02.12 20:58:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014.02.12 20:57:51 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.10.15 22:49:46 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008.10.15 21:58:28 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3041.37050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.15 21:58:28 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3041.37003__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.15 21:58:28 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3041.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.15 21:58:28 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3041.37278__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.15 21:58:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3041.37041__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.15 21:58:28 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3041.37177__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.15 21:58:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3041.37024__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.15 21:58:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3041.37235__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.15 21:58:26 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3041.37319__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.15 21:57:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3041.37018__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:56 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3041.37246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:56 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3041.37326__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3041.37252__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.15 21:57:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3041.37244__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3041.37315__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:54 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3041.37189__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3041.37080__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3041.37180__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3041.37170__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3041.37027__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3041.37268__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.10.15 21:57:54 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3041.37227__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3041.37087__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.10.15 21:57:54 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3041.37072__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3041.37210__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.10.15 21:57:54 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3041.37187__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3041.37178__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3041.37086__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3041.37209__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3041.37226__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3041.37187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.15 21:57:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.15 21:57:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.15 21:57:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.15 21:57:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.15 21:57:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.15 21:57:53 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.15 21:57:52 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.15 21:57:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.15 21:57:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.15 21:57:52 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.15 21:57:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.15 21:57:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.15 21:57:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.15 21:57:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.15 21:57:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.15 21:57:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.15 21:57:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.10.15 21:57:50 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.15 21:57:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.15 21:57:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.15 21:57:41 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3041.37295_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.10.15 21:57:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3041.37343__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.15 21:57:40 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3041.37359__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.10.15 21:57:40 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3041.36993__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.15 21:57:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3041.37034__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.15 21:57:39 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3041.37295__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.10.15 21:57:39 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3041.37305__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.15 21:57:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3041.37302__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.15 21:57:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.15 21:57:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.15 21:57:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.15 21:57:39 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.15 21:57:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.15 21:57:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.15 21:57:38 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3041.37012__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.15 21:57:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3041.36994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.15 21:57:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3041.36994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.15 21:57:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.15 21:57:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3041.37304__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.15 21:57:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.15 21:57:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.10.15 21:57:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3041.36990__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.15 21:57:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3041.36992__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.15 21:57:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.30 00:00:25 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.05.27 15:40:03 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.05.27 15:38:34 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2014.05.27 15:38:07 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.07.07 10:37:00 | 000,147,456 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe -- (SafeRemove)
SRV - [2008.03.18 22:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014.05.27 15:38:07 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014.05.27 15:38:06 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.12.05 20:03:29 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.23 21:15:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.03 16:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.27 07:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.02 15:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.30 02:33:47 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 11:26:41 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.06 03:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.21 22:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 02:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.10.02 00:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.03 14:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 20:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 01:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE303
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.09 19:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.09 19:10:39 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C4EEE84-7206-4FEE-ADF7-05BAEDC9F570}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F7B7A84-81F6-441F-8EBA-09BBDA1F1F7D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{810377f6-3d9d-4154-ae1f-14d4175e6d13}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEC1F982-8FAD-49D3-8359-0B86F357B2A9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.02 17:31:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\egon\Desktop\OTL.exe
[2014.06.01 14:04:44 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.01 14:04:01 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.06.01 14:04:01 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.06.01 14:04:01 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.06.01 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.06.01 14:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.01 14:03:14 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
[2014.06.01 13:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.06.01 13:52:14 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\egon\Desktop\JRT.exe
[2014.06.01 13:42:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.06.01 13:41:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.01 12:58:16 | 000,000,000 | ---D | C] -- C:\Users\egon\Desktop\FRST-OlderVersion
[2014.06.01 12:50:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.05.31 21:31:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014.05.31 19:24:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.05.31 19:24:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.05.31 19:24:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.05.31 19:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.05.31 19:22:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.05.31 19:22:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014.05.31 19:22:03 | 005,203,398 | R--- | C] (Swearware) -- C:\Users\egon\Desktop\ComboFix.exe
[2014.05.31 18:35:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.05.31 14:34:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.31 14:33:38 | 001,057,792 | ---- | C] (Farbar) -- C:\Users\egon\Desktop\FRST.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.02 17:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\egon\Desktop\OTL.exe
[2014.06.02 17:27:11 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job
[2014.06.02 17:26:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2014.06.02 17:25:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.02 17:25:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.02 17:25:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.02 17:25:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.01 16:15:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.01 14:30:34 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.01 14:04:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.01 14:03:14 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
[2014.06.01 13:52:18 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\egon\Desktop\JRT.exe
[2014.06.01 13:50:16 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.06.01 13:50:16 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.01 13:50:16 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.06.01 13:50:16 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.01 13:39:15 | 001,327,971 | ---- | M] () -- C:\Users\egon\Desktop\adwcleaner_3.211.exe
[2014.06.01 12:58:15 | 001,057,792 | ---- | M] (Farbar) -- C:\Users\egon\Desktop\FRST.exe
[2014.05.31 19:22:24 | 005,203,398 | R--- | M] (Swearware) -- C:\Users\egon\Desktop\ComboFix.exe
[2014.05.31 19:01:01 | 000,002,631 | ---- | M] () -- C:\Users\egon\Desktop\Microsoft Office Word 2007.lnk
[2014.05.31 18:35:21 | 291,155,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.05.31 15:50:47 | 000,380,416 | ---- | M] () -- C:\Users\egon\Desktop\fz6jr33b.exe
[2014.05.31 14:31:10 | 000,000,000 | ---- | M] () -- C:\Users\egon\defogger_reenable
[2014.05.31 14:29:54 | 000,050,477 | ---- | M] () -- C:\Users\egon\Desktop\Defogger.exe
[2014.05.31 14:26:40 | 000,002,735 | ---- | M] () -- C:\Users\egon\Desktop\Microsoft Office Outlook 2007.lnk
[2014.05.27 15:38:07 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014.05.27 15:38:06 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014.05.26 10:44:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014.05.20 20:03:32 | 000,012,350 | ---- | M] () -- C:\Users\egon\Desktop\Volksmusik Musik Radio Webradio Internetradio Netradio.url
[2014.05.12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.05.12 07:25:58 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.05.08 20:17:44 | 000,000,162 | ---- | M] () -- C:\Users\egon\Desktop\eBay Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr – alles zu günstigen Preisen.url
 
========== Files Created - No Company Name ==========
 
[2014.06.01 14:04:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.01 13:39:03 | 001,327,971 | ---- | C] () -- C:\Users\egon\Desktop\adwcleaner_3.211.exe
[2014.05.31 19:24:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.05.31 19:24:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.05.31 19:24:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.05.31 19:24:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.05.31 19:24:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.05.31 18:35:21 | 291,155,312 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.05.31 15:50:46 | 000,380,416 | ---- | C] () -- C:\Users\egon\Desktop\fz6jr33b.exe
[2014.05.31 14:31:10 | 000,000,000 | ---- | C] () -- C:\Users\egon\defogger_reenable
[2014.05.31 14:29:54 | 000,050,477 | ---- | C] () -- C:\Users\egon\Desktop\Defogger.exe
[2014.05.30 19:29:31 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009.06.03 18:45:45 | 000,000,680 | ---- | C] () -- C:\Users\egon\AppData\Local\d3d9caps.dat
[2009.03.22 20:40:05 | 000,000,299 | ---- | C] () -- C:\Users\egon\egon - Verknüpfung.lnk
[2008.11.23 16:54:46 | 000,000,092 | ---- | C] () -- C:\Users\egon\AppData\Local\fusioncache.dat
[2008.11.14 17:39:42 | 000,008,192 | ---- | C] () -- C:\Users\egon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.15 16:55:37 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\IPACS
[2014.05.30 18:56:35 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\IrfanView
[2008.12.22 20:23:54 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\PeerNetworking
[2008.11.23 16:50:21 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\T-Online
[2012.08.02 21:44:37 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\TeamViewer
[2011.06.19 21:09:46 | 000,000,000 | ---D | M] -- C:\Users\egon\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 0
"ProviderFileName0" = unimdm.tsp -- [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{810377F6-3D9D-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{810377F6-3D9D-4154 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"OtherDomains" =  [binary data]
"RequireSecuritySignature" = 0
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.06.10 13:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdx [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 90 D0 00 00 00 DC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 A0 00 07 00 00 00 00 02 18 00 8D 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"LocalService" = nsilltdsvcSSDPSRVupnphostSCard [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = hidservUxSmsWdiSystemHostNetman [Binary data over 200 bytes]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"LocalServiceNoNetwork" = PLADPSBFEmpssvcehstart [binary data]
"NetworkService" = CryptSvcDHCPTermServiceKtmRmDN [Binary data over 200 bytes]
"termsvcs" = TermService [binary data]
"WerSvcGroup" = wersvc [binary data] -- [2009.04.11 08:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation)
"netsvcs" = AeLookupSvcwercplsupportThemesC [Binary data over 200 bytes]
"swprv" = swprv [binary data] -- [2009.04.11 08:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvLmHostswsc [Binary data over 200 bytes]
"rpcss" = RpcSs [binary data] -- [2009.04.11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"regsvc" = RemoteRegistry [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2006.11.02 11:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation)
"DcomLaunch" = PlugPlayDcomLaunch [binary data]
"wdisvc" = WdiServiceHost [binary data]
"sdrsvc" = sdrsvc [binary data] -- [2008.01.21 04:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"secsvcs" = WinDefend [binary data]
"HPZ12" = Pml Driver HPZ12Net Driver HPZ12 [binary data]
"hpdevmgmt" = hpqcxs08hpqddsvc [binary data]
"HPService" = HPSLPSVC [binary data]
"GPSvcGroup" = GPSvc [binary data] -- [2009.04.11 08:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /900 >
[2013.06.04 03:49:59 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2013.06.04 06:16:35 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2013.08.01 04:49:15 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2013.04.24 06:00:24 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2013.07.04 06:21:15 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll
[2014.02.23 12:44:41 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\corpol.dll
[2013.10.03 14:45:45 | 000,993,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.07.08 06:16:55 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.08 06:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.09 05:45:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.11.02 12:18:17 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.10.11 04:07:57 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL
[2013.10.03 14:45:50 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll
[2013.06.15 15:22:11 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icaapi.dll
[2014.02.23 12:46:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2014.02.23 12:46:36 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2014.02.23 12:46:37 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2014.02.23 12:46:37 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2014.02.23 12:46:38 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2014.02.23 12:46:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2014.02.23 12:46:38 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2014.02.23 12:46:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2013.10.11 04:08:02 | 000,444,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL
[2013.10.22 09:19:59 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2014.02.23 12:47:04 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2014.02.06 03:56:54 | 000,894,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2014.02.23 12:47:19 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.05.11 17:57:00 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2014.02.23 12:48:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2014.02.23 12:48:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2014.05.05 21:31:46 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2014.05.05 21:31:46 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2014.02.23 12:48:38 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstime.dll
[2013.03.08 05:52:22 | 002,067,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2013.12.05 04:12:37 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.02 12:19:34 | 001,400,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:22:50 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.06.29 18:01:42 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2013.07.09 14:10:36 | 001,205,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2014.02.23 12:50:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2013.07.20 12:44:53 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
[2013.05.02 06:03:42 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\printcom.dll
[2014.02.03 12:37:54 | 000,505,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2012.11.08 05:48:38 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.01.09 17:54:08 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpencom.dll
[2013.07.10 11:47:00 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2012.06.02 02:04:25 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2013.10.11 04:08:35 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll
[2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.09.25 18:19:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.10.30 04:12:54 | 000,335,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SysFxUI.dll
[2013.07.16 06:35:16 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\themeui.dll
[2013.11.13 02:30:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2014.02.23 12:52:43 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2014.02.23 12:52:43 | 001,213,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2013.12.22 17:42:15 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2013.06.27 01:01:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2014.01.30 09:46:58 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll
[2013.05.02 06:04:25 | 000,443,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2014.02.23 12:53:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.03.08 05:53:50 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2013.07.08 06:20:04 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.10.30 04:13:01 | 001,304,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMALFXGFXDSP.dll
[2012.02.29 17:11:45 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2013.08.02 06:09:35 | 001,548,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2013.10.11 04:08:55 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wshcon.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.11.14 17:21:23 | 000,000,416 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job
[2009.03.24 18:29:55 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009.12.19 14:18:51 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.12.19 14:18:53 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
<           >
 
========== Files - Unicode (All) ==========
[2013.11.20 21:07:25 | 105,397,131 | ---- | M] ()(C:\Windows\System32\???µ) -- C:\Windows\System32\橢᭄µ
[2013.11.20 21:07:25 | 105,397,131 | ---- | C] ()(C:\Windows\System32\???µ) -- C:\Windows\System32\橢᭄µ

< End of report >
         
Code:
OTL Extras logfile created on: 02.06.2014 17:33:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\egon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,56% Memory free
6,69 Gb Paging File | 5,33 Gb Available in Paging File | 79,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 66,01 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 94,75 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: EGON-PC | User Name: egon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0087E1F2-742C-45E4-BC7A-5E87197FA35E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0E399B16-0058-4E80-8E7D-3C47A5A912BF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1091A15B-E37E-4D8B-93A0-DABD2F9DC98D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1290F727-9AA4-4854-BE8E-965C6E3CF720}" = rport=139 | protocol=6 | dir=out | app=system | 
"{20F2AC10-4E85-4C06-B5AF-833310E287F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2614B6A0-4398-465A-87FB-F433AF557C24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{3608423F-E082-4DE4-A79D-FE0D4B452A3A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4E432C43-4478-47DD-ADAE-B77B86B7F130}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60044C15-0128-4170-9C77-7C5BD12706C7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{66C9A071-7A17-474C-A21F-CB3E02BC26FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{706A8232-72F0-411C-B5BD-4686FFAED53A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8DCAF7BE-17DE-4A51-B787-670B55A05275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93A5C826-FC06-4ED9-8853-2500498E011B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A698CDF-703E-4997-855E-6B31F787BDF3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9D8ECD8F-D368-43BE-B309-2A0F77CF5F9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ACDBAFE9-7A76-4DED-AFE9-24ECE33CF037}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E1BBDB78-757D-425F-A860-4417CEE08EDF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F0B8280D-9914-46ED-A2DF-C7C87E5B0392}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F6D4B5AB-4E77-4C4B-B515-7059D6D62C2F}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FC813-573F-4200-B500-77E761DD8BA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{0D1A6DFB-9B3D-497D-ACEE-007DC9726E35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1B9D2484-DA58-4268-B446-4E2609580283}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35E8F9D4-7AF2-4D4B-BC9B-EFF2E7C6F51B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{48B67ECA-B645-4954-BF8E-1A45BA5D00B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{503E7C3A-69CA-47F1-942D-D7244FD1E219}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{504C8E3C-B577-4BAD-887A-D349FEE54677}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{51DF6F7A-C631-41B5-974F-FC1AF82F2F82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{68DD589B-DD5E-42A8-AC4D-C0FF2D858BD2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{6A9412DA-2BD3-4EB4-AE60-B64A32F9E522}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{6AFAE7DB-CCEF-4C97-81FB-5B4D531874DB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{77BB4D98-F61E-492F-AC4C-B234C447CC2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{7E5CB02D-0E49-4727-8029-462EBFAA2F29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{85DE7BB2-B3D2-4812-88EC-E309532720CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{89FC9D75-9E6D-4E99-8AA6-54551B24208F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B1AF81FD-E11C-423C-9801-93A7C13FD30C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{B9944006-A556-4BF8-B5AA-050E4AD64A32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C91B4D9C-3437-4B5A-AAC2-D6E4A7FE55A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{E23B7407-9652-4BFC-87B8-6EF090F3FECA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2A52534-D18F-4BDB-A675-E507D46A66AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{E7325DDB-6D5B-4FBB-83F5-98A9FD540976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{F9F37EA8-A87C-46D8-9060-5341668CE615}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FD3F6ECD-BA3E-4986-89A4-A90D2A06D72D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"TCP Query User{27210DC0-CC88-404F-9405-D92C25675AC1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{3A680663-4F7B-499E-BA12-E17DE5EF283A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{44B8EDD7-E7D1-4696-B48A-BEB243CA45B0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{55E95025-E77F-4109-B8BB-4FC3A7BDED78}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CA41DDFC-F168-4F61-AF6F-653028301AD6}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe | 
"TCP Query User{FE45F499-9686-4CBF-AF7E-C91ED7442888}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{0BCB2D8C-DF9E-4816-9F1A-BF3D9C31DA25}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe | 
"UDP Query User{14E386E7-ED72-4E7A-B42E-3911D92AA382}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{89BF8C1A-1144-4839-A51F-E2695CFFA987}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{B4E4263C-CF08-45A3-8668-FAB2E811B88F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{C9D5E107-6930-4DCF-8374-D89D087EFE08}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{EF3654BF-1A3B-4F09-8F89-24424345C3FD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046B61A-99CA-3860-AF60-70B50C9A67AA}" = Catalyst Control Center Localization Spanish
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}" = ATI Catalyst Install Manager
"{08F27D43-7DCD-D56E-23E4-E3B513A503ED}" = CCC Help Spanish
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{124CCA05-99DD-8507-EF84-5F3C11C9BA92}" = CCC Help Finnish
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15D30554-5656-3121-0D49-82141BF7801B}" = CCC Help Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18C4DFD3-96FB-6541-FF28-23AD2819EEAE}" = Catalyst Control Center Localization Hungarian
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D91B2F4-A6CA-A905-7FB8-6D0C895D612D}" = Catalyst Control Center Localization Dutch
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA4A5A0-410F-1322-5BCD-06E6CE80727A}" = Catalyst Control Center Localization Greek
"{21742DEC-F8EA-857D-42F5-9157C76FABE2}" = Catalyst Control Center Localization Portuguese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25300827-38B1-37A1-2BDE-15B2B52F0D30}" = CCC Help Russian
"{25D14314-61B6-D952-CFBF-6B327B12042F}" = CCC Help Japanese
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2992709C-9BB2-6324-7F37-A9CC507A59A1}" = CCC Help Czech
"{2BD7024F-A801-7445-AD31-FE1EFC461A10}" = Catalyst Control Center Localization Italian
"{2DB2AB2A-F023-1409-0801-87EE21AFDA77}" = CCC Help Thai
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DF88F1C-131F-DF4E-E6B3-34E1035EDB47}" = Catalyst Control Center Graphics Full Existing
"{40171099-D967-66A1-D6A3-6D9D8469684A}" = Skins
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A7B4836-484A-3D1B-BB5C-853279A85360}" = CCC Help German
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{571CAC49-4871-7002-24E4-89A778BAC559}" = Catalyst Control Center Localization Polish
"{577D78F6-334E-5838-1C29-B0C7339ADB77}" = Catalyst Control Center Localization Norwegian
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D8BD889-902F-39A0-BDBB-1490447715B6}" = Catalyst Control Center Localization Turkish
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{689DA2FE-27E1-70EF-9CA4-FA7A8FA09D92}" = Catalyst Control Center Localization Danish
"{69A21F70-D6E6-9A06-3BBD-F52C742DD328}" = Catalyst Control Center Localization German
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77729170-2DA2-CC9E-C277-1AD315D02F4C}" = ccc-utility
"{7BD103AB-4485-3B04-15F3-3D384CA60AEF}" = CCC Help Hungarian
"{7E540935-7BB3-07E1-869E-43BD44CB7691}" = Catalyst Control Center Localization Swedish
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8374C65A-02AD-2759-AD30-0FE14E14DC29}" = CCC Help Norwegian
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85D7624E-77A3-BEA5-4AF1-23782515B67F}" = CCC Help Italian
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88B3635E-519A-4653-645F-E03F29A2A09B}" = Catalyst Control Center Localization Chinese Traditional
"{890FE9F5-4737-5D3F-81EE-2B3D2C7D1F04}" = Catalyst Control Center Graphics Full New
"{8F271824-10F8-3468-4729-999B19CA9B37}" = Catalyst Control Center Localization Finnish
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8F998E51-91FD-9B45-49A5-D8962F00E909}" = Catalyst Control Center Graphics Previews Vista
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC428C6-B8C9-7776-FC00-A2DD404FDC00}" = CCC Help French
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B30642B6-E4A9-5DC6-B43C-C1032CD96120}" = ccc-core-static
"{B5B270F6-B49B-8BC7-3C3E-5F993F9AD00A}" = CCC Help Danish
"{BA413CE2-A6F0-3902-724B-D4632E00331E}" = Catalyst Control Center Localization Czech
"{BCB5E9F1-ACA0-7040-ED3B-BF7D5B00B154}" = CCC Help Turkish
"{BD77C639-3C98-F8DD-36E3-8C7E97CCF29C}" = Catalyst Control Center Localization Russian
"{C7635E53-7E9A-9B54-BD7D-6CF6A010CF48}" = Catalyst Control Center Graphics Light
"{CA696301-6211-263B-9BC4-DAE570CCFEA0}" = CCC Help Chinese Standard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF271CB2-F047-9A43-EB2D-5B88DFD204F9}" = Catalyst Control Center Localization French
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D3890615-AA15-F9CE-F829-D826F945748B}" = CCC Help English
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA736F25-C022-D7CB-6807-BD9E46025572}" = CCC Help Greek
"{DBB981F7-86E5-A9ED-FB52-0F566D00C0FD}" = CCC Help Polish
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{DE77A851-54AB-9BB1-7446-4B2700CF3663}" = CCC Help Chinese Traditional
"{E08E9665-50D7-9EA6-A075-5CDD61A7C1DC}" = Catalyst Control Center Localization Japanese
"{E0C0D19E-A52A-E11F-F3CD-298E87DBC8B4}" = Catalyst Control Center Core Implementation
"{E3E6609F-1BC2-81B1-A9CB-342A1ECCC49C}" = CCC Help Dutch
"{E569FBDC-4392-DBE7-D97B-4A0F2E02BEA9}" = Catalyst Control Center Localization Chinese Standard
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E65C36C1-0015-DF24-609A-449BB1AEF6CE}" = Catalyst Control Center Localization Thai
"{E69544F1-7EC4-731C-C61D-C679F30886E2}" = Catalyst Control Center Localization Korean
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDE6D0A4-7AC5-5E23-B7D4-B2B3B9F03A4A}" = CCC Help Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F63BD394-8EFB-5C98-4997-F49907FF9E1F}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"Google Updater" = Google Updater
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}" = Safely Remove Disk Drive
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09696666-CB70-4056-A504-D916D92933E2}" = easyFly 4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2014 08:27:15 | Computer Name = egon-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2014 11:26:50 | Computer Name = egon-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 17.03.2012 12:46:28 | Computer Name = egon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 50
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2012 13:59:18 | Computer Name = egon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2013 15:31:48 | Computer Name = egon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.03.2014 14:27:12 | Computer Name = egon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1439
 seconds with 660 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.06.2014 08:31:51 | Computer Name = egon-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 01.06.2014 08:37:56 | Computer Name = egon-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 02.06.2014 11:25:25 | Computer Name = egon-PC | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 02.06.2014 11:26:27 | Computer Name = egon-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 02.06.2014 11:26:50 | Computer Name = egon-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 02.06.2014 11:26:50 | Computer Name = egon-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 02.06.2014 11:27:32 | Computer Name = egon-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 02.06.2014 11:27:36 | Computer Name = egon-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 02.06.2014 11:28:31 | Computer Name = egon-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 02.06.2014 11:29:26 | Computer Name = egon-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

Alt 02.06.2014, 19:42   #10
M-K-D-B
/// TB Trainer
 

Step 1
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache]
"DisplayName"="@%SystemRoot%\\System32\\dnsapi.dll,-101"
"Group"="TDI"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,00,00
"Description"="@%SystemRoot%\\System32\\dnsapi.dll,-102"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):54,00,64,00,78,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
  00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security"=hex:01,00,14,90,d0,00,00,00,dc,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,a0,00,07,00,00,00,00,02,18,00,8d,00,02,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,21,02,00,00,00,02,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,02,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,02,\
  14,00,8d,00,02,00,01,01,00,00,00,00,00,05,14,00,00,00,00,02,14,00,8d,00,02,\
  00,01,01,00,00,00,00,00,05,13,00,00,00,00,02,18,00,cd,00,02,00,01,02,00,00,\
  00,00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation]
"DisplayName"="@%systemroot%\\system32\\wkssvc.dll,-100"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,00,00
"Description"="@%systemroot%\\system32\\wkssvc.dll,-101"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00,\
  78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,\
  00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider]
"DeviceName"="\\Device\\LanmanRedirector"
"Name"="Microsoft Windows Network"
"DisplayName"=hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,31,00,30,00,32,00,00,00
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000
"OtherDomains"=hex(7):00,00

:Commands
[reboot]
         
  • Please close all programs now.
  • Now click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.





Step 2
  • Start FRST.exe again. Tick the box next to Addition and press Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Please post with your next reply
  • the OTL log file,
  • the two new FRST log files.
__________________
Greetings from Bavaria
M-K-D-B


02.06.2014, 20:21   #11
thomasN

AntiVir no longer works



Code:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"DisplayName"|"@%SystemRoot%\\System32\\dnsapi.dll,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Group"|"TDI" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Description"|"@%SystemRoot%\\System32\\dnsapi.dll,-102" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ObjectName"|"NT AUTHORITY\\NetworkService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"DependOnService"|hex(7):54,00,64,00,78,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security\\"Security"|hex:01,00,14,90,d0,00,00,00,dc,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,a0,00,07,00,00,00,00,02,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,00,02,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,02,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,02,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,14,00,00,00,00,02,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,13,00,00,00,00,02,18,00,cd,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DisplayName"|"@%systemroot%\\system32\\wkssvc.dll,-100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Group"|"NetworkProvider" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Description"|"@%systemroot%\\system32\\wkssvc.dll,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ObjectName"|"NT AUTHORITY\\LocalService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DependOnService"|hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DeviceName"|"\\Device\\LanmanRedirector" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"Name"|"Microsoft Windows Network" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DisplayName"|hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,32,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"ProviderPath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnablePlainTextPassword"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnableSecuritySignature"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"RequireSecuritySignature"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"OtherDomains"|hex(7):00,00 /E : value set successfully!
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022014_210932
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by egon at 2014-06-02 21:16:53
Running from C:\Users\egon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0006 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.8 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.01 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0005 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0021 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0008 - ASUS)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{03ECA42B-5AF3-AFE7-7AC2-DD8465A39FE5}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0034 - ATK)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0001 - ASUS)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0429.2146.37034 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0429.2146.37034 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Czech (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Danish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Dutch (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help English (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Finnish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help French (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help German (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Greek (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Italian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Japanese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Korean (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Polish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Russian (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Spanish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Swedish (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Thai (Version: 2008.0429.2145.37034 - ATI) Hidden
CCC Help Turkish (Version: 2008.0429.2145.37034 - ATI) Hidden
ccc-core-static (Version: 2008.0429.2146.37034 - ATI) Hidden
ccc-utility (Version: 2008.0429.2146.37034 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dolby Control Center (HKLM\...\{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}) (Version: 1.1.0503 - Dolby)
easyFly 4 (HKCU\...\{09696666-CB70-4056-A504-D916D92933E2}) (Version: 4.0.1.3 - IPACS)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Express Gate (HKLM\...\{27D51A76-371D-48B6-B06E-4137A15B7583}) (Version: 0.8.0.3 - devicevm)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
J4680 (Version: 50.0.165.000 - Ihr Firmenname) Hidden
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Network (Version: 110.0.180.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5645 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - )
Safely Remove Disk Drive (HKLM\...\InstallShield_{0F97342A-56FA-4E9B-9F58-87DBD9DE9D9A}) (Version: 1.0.1540.3 - AMD)
Safely Remove Disk Drive (Version: 1.0.1540.3 - AMD) Hidden
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Skins (Version: 2008.0429.2146.37034 - ATI) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Suite (Version: 1.00.0000 - CyberLink Corp.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)

==================== Restore Points  =========================

17-05-2014 19:22:27 Geplanter Prüfpunkt
18-05-2014 20:38:31 Geplanter Prüfpunkt
21-05-2014 18:04:38 Windows Update
26-05-2014 16:24:46 Geplanter Prüfpunkt
27-05-2014 16:16:23 Geplanter Prüfpunkt
30-05-2014 16:12:03 Windows Update
31-05-2014 12:09:15 Removed Avira SearchFree Toolbar plus Web Protection.
31-05-2014 12:16:51 Removed Avira SearchFree Toolbar plus Web Protection.
31-05-2014 17:27:52 Wiederherstellungsvorgang
31-05-2014 18:40:18 Wiederherstellungsvorgang
31-05-2014 18:49:55 Wiederherstellungsvorgang
01-06-2014 10:55:56 Windows Update
02-06-2014 16:41:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12B58683-C5B9-4A41-A27D-DD99299668ED} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - egon => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {350B4B60-6E3D-4DE1-8E63-3B0157FF3E0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EB8A74D-6CD6-467B-B244-6A647B72A47E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {54A8E72B-9795-4A47-9265-9797A4027845} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-19] (Google Inc.)
Task: {65410507-DAB8-48F8-8ECA-575CF3EA65D2} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {774D5AD6-AB4B-45C6-B4BC-BB282EE77AA1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2008-06-18] (ASUS)
Task: {9296E7A1-9B23-4FA1-A78B-75FD0FFC79BF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FF8F6342-6737-4B66-9ACF-9C44CE227793} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-10-15 22:41 - 2007-05-18 11:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-10-15 22:19 - 2007-10-03 06:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-10-15 22:42 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2008-10-15 22:46 - 2007-08-03 21:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-10-15 22:46 - 2007-09-14 19:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-10-15 22:46 - 2003-11-28 11:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-10-15 22:46 - 2005-08-30 00:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-10-15 22:46 - 2003-09-10 01:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-10-15 22:46 - 2006-04-04 19:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-10-15 22:46 - 2005-04-08 04:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2008-04-30 00:00 - 2008-04-30 00:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-10-15 22:41 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-10-15 22:41 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2008-02-04 22:29 - 2008-02-04 22:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-10-15 22:41 - 2007-08-08 11:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-10-15 22:43 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-10-15 22:19 - 2008-01-12 07:40 - 00098304 _____ () C:\Program Files\ATK Hotkey\HControlUser.exe
2008-10-15 22:19 - 2007-11-13 00:41 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTran.dll
2008-10-15 22:49 - 2008-10-15 22:49 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-10-15 22:19 - 2004-05-28 03:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-10-15 22:19 - 2007-11-05 04:48 - 00106496 _____ () C:\Program Files\ATK Hotkey\MsgTranAgt.exe
2008-10-15 22:27 - 2007-07-06 01:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-12 01:34 - 2008-07-12 01:34 - 00010240 _____ () C:\Program Files\P4G\DevMng.dll
2008-07-18 05:56 - 2008-07-18 05:56 - 00015360 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-15 22:42 - 2007-03-10 01:16 - 00106496 _____ () C:\Program Files\ATKGFNEX\AGFNEX.dll
2007-07-10 07:48 - 2007-07-10 07:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2008-10-15 22:19 - 2007-12-04 19:57 - 02486272 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-10-15 22:19 - 2007-08-15 20:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-10-15 22:19 - 2008-01-23 19:51 - 00151552 _____ () C:\Program Files\ATK Hotkey\WDC.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: HP Officejet J4680
Description: HP Officejet J4680
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 09:12:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 09:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 06:12:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 05:26:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 02:27:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/02/2014 09:15:52 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/02/2014 09:14:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (06/02/2014 09:13:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/02/2014 09:11:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (06/02/2014 09:08:14 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/02/2014 09:06:09 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: ComputerbrowserLanmanWorkstation

Error: (06/02/2014 09:06:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (06/02/2014 09:06:01 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding2{73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (06/02/2014 09:05:28 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: ComputerbrowserLanmanWorkstation

Error: (06/02/2014 09:05:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: DNS-Client%%2


Microsoft Office Sessions:
=========================
Error: (03/10/2014 08:27:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1439 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (11/18/2013 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/19/2012 07:59:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/17/2012 06:46:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-02 21:16:46.847
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:46.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:45.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:45.069
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:44.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:43.868
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:43.290
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:42.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:41.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-02 21:16:41.403
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3326.2 MB
Available physical RAM: 2253.55 MB
Total Pagefile: 6848.9 MB
Available Pagefile: 5850.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.91 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:65.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:94.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
[/CODE]
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by egon (administrator) on EGON-PC on 02-06-2014 21:16:04
Running from C:\Users\egon\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(AMD) C:\Windows\System32\SafeRemoveDialog.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [7651328 2008-07-15] (ASUS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-06-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-10-15] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2008-10-15] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-99956060-2673457517-1827905997-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-11-28] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-09]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google-Suche) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Google Mail) - C:\Users\egon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]

========================== Services (Whitelisted) =================

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 SafeRemove; C:\Program Files\AMD\Safely Remove Disk\SafeRemoveService.exe [147456 2008-07-07] (AMD)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-05] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-02] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-23] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 21:15 - 2014-06-02 21:09 - 00036398 _____ () C:\Users\egon\Desktop\06022014_210932.log
2014-06-02 21:09 - 2014-06-02 21:09 - 00000000 ____D () C:\_OTL
2014-06-02 17:46 - 2014-06-02 17:46 - 00125566 _____ () C:\Users\egon\Desktop\OTL.Txt
2014-06-02 17:46 - 2014-06-02 17:46 - 00053174 _____ () C:\Users\egon\Desktop\Extras.Txt
2014-06-02 17:31 - 2014-06-02 17:31 - 00602112 _____ (OldTimer Tools) C:\Users\egon\Desktop\OTL.exe
2014-06-01 14:32 - 2014-06-01 14:32 - 00001468 _____ () C:\Users\egon\Desktop\mbam.txt
2014-06-01 14:04 - 2014-06-01 14:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 14:04 - 2014-06-01 14:04 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-01 14:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-01 14:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-01 14:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-01 14:03 - 2014-06-01 14:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-01 13:58 - 2014-06-01 13:58 - 00000977 _____ () C:\Users\egon\Desktop\JRT.txt
2014-06-01 13:53 - 2014-06-01 14:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 13:52 - 2014-06-01 13:52 - 01016261 _____ (Thisisu) C:\Users\egon\Desktop\JRT.exe
2014-06-01 13:46 - 2014-06-01 13:46 - 00008660 _____ () C:\Users\egon\Desktop\AdwCleaner[S0].txt
2014-06-01 13:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-01 13:41 - 2014-06-01 13:42 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:39 - 2014-06-01 13:39 - 01327971 _____ () C:\Users\egon\Desktop\adwcleaner_3.211.exe
2014-06-01 12:58 - 2014-06-02 21:15 - 00000000 ____D () C:\Users\egon\Desktop\FRST-OlderVersion
2014-05-31 21:31 - 2014-05-31 21:31 - 00000000 ___SD () C:\ComboFix
2014-05-31 19:24 - 2014-05-31 19:24 - 00000000 ____D () C:\Qoobox
2014-05-31 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 19:22 - 2014-05-31 21:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-31 19:22 - 2014-05-31 19:22 - 05203398 ____R (Swearware) C:\Users\egon\Desktop\ComboFix.exe
2014-05-31 19:22 - 2014-05-31 19:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 19:01 - 2014-05-31 19:01 - 00000554 _____ () C:\Users\egon\Desktop\Problemsignatur.txt
2014-05-31 18:35 - 2014-05-31 18:35 - 291155312 _____ () C:\Windows\MEMORY.DMP
2014-05-31 18:35 - 2014-05-31 18:35 - 00143544 _____ () C:\Windows\Minidump\Mini053114-01.dmp
2014-05-31 18:35 - 2014-05-31 18:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 15:50 - 2014-05-31 15:50 - 00380416 _____ () C:\Users\egon\Desktop\fz6jr33b.exe
2014-05-31 14:36 - 2014-06-01 14:36 - 00029919 _____ () C:\Users\egon\Desktop\Addition.txt
2014-05-31 14:34 - 2014-06-02 21:16 - 00012046 _____ () C:\Users\egon\Desktop\FRST.txt
2014-05-31 14:34 - 2014-06-02 21:16 - 00000000 ____D () C:\FRST
2014-05-31 14:33 - 2014-06-02 21:15 - 01059840 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-05-31 14:31 - 2014-05-31 14:32 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-15 20:21 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:17 - 2014-05-05 21:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:17 - 2014-05-05 20:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One Month Modified Files and Folders =======

2014-06-02 21:16 - 2014-05-31 14:34 - 00012046 _____ () C:\Users\egon\Desktop\FRST.txt
2014-06-02 21:16 - 2014-05-31 14:34 - 00000000 ____D () C:\FRST
2014-06-02 21:16 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon\AppData\Local\Temp
2014-06-02 21:15 - 2014-06-01 12:58 - 00000000 ____D () C:\Users\egon\Desktop\FRST-OlderVersion
2014-06-02 21:15 - 2014-05-31 14:33 - 01059840 _____ (Farbar) C:\Users\egon\Desktop\FRST.exe
2014-06-02 21:15 - 2009-12-19 14:18 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 21:15 - 2009-12-19 14:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 21:11 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:11 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 21:11 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 21:09 - 2014-06-02 21:15 - 00036398 _____ () C:\Users\egon\Desktop\06022014_210932.log
2014-06-02 21:09 - 2014-06-02 21:09 - 00000000 ____D () C:\_OTL
2014-06-02 21:09 - 2008-10-15 20:38 - 01608634 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 21:09 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-02 21:04 - 2008-10-15 22:53 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-06-02 17:46 - 2014-06-02 17:46 - 00125566 _____ () C:\Users\egon\Desktop\OTL.Txt
2014-06-02 17:46 - 2014-06-02 17:46 - 00053174 _____ () C:\Users\egon\Desktop\Extras.Txt
2014-06-02 17:31 - 2014-06-02 17:31 - 00602112 _____ (OldTimer Tools) C:\Users\egon\Desktop\OTL.exe
2014-06-02 17:27 - 2008-11-14 17:21 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{B5651F0E-2EE9-4B34-8DEB-ED7D2B7F25BD}.job
2014-06-02 17:25 - 2008-01-21 04:47 - 00303168 _____ () C:\Windows\PFRO.log
2014-06-01 14:36 - 2014-05-31 14:36 - 00029919 _____ () C:\Users\egon\Desktop\Addition.txt
2014-06-01 14:32 - 2014-06-01 14:32 - 00001468 _____ () C:\Users\egon\Desktop\mbam.txt
2014-06-01 14:30 - 2014-06-01 14:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 14:25 - 2014-06-01 13:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 14:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-01 14:04 - 2014-06-01 14:04 - 00000906 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 14:04 - 2014-06-01 14:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-01 14:03 - 2014-06-01 14:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\egon\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-01 13:58 - 2014-06-01 13:58 - 00000977 _____ () C:\Users\egon\Desktop\JRT.txt
2014-06-01 13:52 - 2014-06-01 13:52 - 01016261 _____ (Thisisu) C:\Users\egon\Desktop\JRT.exe
2014-06-01 13:50 - 2006-11-02 12:33 - 01568228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 13:46 - 2014-06-01 13:46 - 00008660 _____ () C:\Users\egon\Desktop\AdwCleaner[S0].txt
2014-06-01 13:42 - 2014-06-01 13:41 - 00000000 ____D () C:\AdwCleaner
2014-06-01 13:39 - 2014-06-01 13:39 - 01327971 _____ () C:\Users\egon\Desktop\adwcleaner_3.211.exe
2014-05-31 21:31 - 2014-05-31 21:31 - 00000000 ___SD () C:\ComboFix
2014-05-31 21:31 - 2014-05-31 19:22 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-31 19:24 - 2014-05-31 19:24 - 00000000 ____D () C:\Qoobox
2014-05-31 19:22 - 2014-05-31 19:22 - 05203398 ____R (Swearware) C:\Users\egon\Desktop\ComboFix.exe
2014-05-31 19:22 - 2014-05-31 19:22 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 19:01 - 2014-05-31 19:01 - 00000554 _____ () C:\Users\egon\Desktop\Problemsignatur.txt
2014-05-31 19:01 - 2008-12-25 16:08 - 00002631 _____ () C:\Users\egon\Desktop\Microsoft Office Word 2007.lnk
2014-05-31 18:35 - 2014-05-31 18:35 - 291155312 _____ () C:\Windows\MEMORY.DMP
2014-05-31 18:35 - 2014-05-31 18:35 - 00143544 _____ () C:\Windows\Minidump\Mini053114-01.dmp
2014-05-31 18:35 - 2014-05-31 18:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 18:22 - 2008-11-14 16:59 - 00000000 ____D () C:\Users\egon
2014-05-31 16:34 - 2008-11-15 15:24 - 00000000 ____D () C:\ProgramData\HP
2014-05-31 15:50 - 2014-05-31 15:50 - 00380416 _____ () C:\Users\egon\Desktop\fz6jr33b.exe
2014-05-31 14:32 - 2014-05-31 14:31 - 00000470 _____ () C:\Users\egon\Desktop\defogger_disable.log
2014-05-31 14:31 - 2014-05-31 14:31 - 00000000 _____ () C:\Users\egon\defogger_reenable
2014-05-31 14:29 - 2014-05-31 14:29 - 00050477 _____ () C:\Users\egon\Desktop\Defogger.exe
2014-05-31 14:26 - 2008-12-25 16:07 - 00002735 _____ () C:\Users\egon\Desktop\Microsoft Office Outlook 2007.lnk
2014-05-30 19:29 - 2012-10-20 14:17 - 00000000 ____D () C:\Windows\pss
2014-05-30 19:23 - 2013-02-23 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-30 19:23 - 2013-02-23 21:22 - 00000000 ____D () C:\Program Files\Avira
2014-05-30 19:20 - 2013-02-23 21:22 - 00000000 ____D () C:\ProgramData\Avira
2014-05-30 19:19 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-30 19:14 - 2008-12-25 16:02 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-30 18:56 - 2013-05-12 16:21 - 00000000 ____D () C:\Users\egon\AppData\Roaming\IrfanView
2014-05-27 15:38 - 2013-02-23 21:22 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 15:38 - 2013-02-23 21:22 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 10:44 - 2009-03-24 18:29 - 00001052 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-22 17:04 - 2010-07-10 17:26 - 00000000 ____D () C:\Users\egon\Documents\freewayprogramm
2014-05-20 20:03 - 2009-01-08 20:22 - 00012350 _____ () C:\Users\egon\Desktop\Volksmusik Musik Radio Webradio Internetradio Netradio.url
2014-05-15 20:32 - 2013-08-14 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:28 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-12 07:26 - 2014-06-01 14:04 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 14:04 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-01 14:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 20:17 - 2009-05-07 18:15 - 00000162 _____ () C:\Users\egon\Desktop\eBay Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr – alles zu günstigen Preisen.url
2014-05-05 21:31 - 2014-05-15 20:17 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:31 - 2014-05-15 20:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:47 - 2014-05-15 20:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Some content of TEMP:
====================
C:\Users\egon\AppData\Local\Temp\avgnt.exe
C:\Users\egon\AppData\Local\Temp\iv_uninstall.exe
C:\Users\egon\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-02 18:18

==================== End Of Log ============================
         
--- --- ---

03.06.2014, 18:03   #12
M-K-D-B
/// TB trainer

AntiVir no longer works

We will check everything once more. ESET can take a long time (> 3 h).
Afterwards we will remove all the tools used, and I will give you a few tips to take along.

Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detect potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 2
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

In your next reply, please post
  • the ESET log file,
  • the SecurityCheck log file.
__________________
Greetings from Bavaria
M-K-D-B


03.06.2014, 21:58   #13
thomasN

AntiVir no longer works

I'm now sitting at my own computer; the virus scanner is currently running on my father's infected laptop and has already detected 4 threats.

Should I / do I have to uninstall it afterwards anyway before I run SecurityCheck, or can I leave it installed for now, since it may be needed again later?

OK, I simply did not uninstall the virus scanner for now, since detections were shown. The Ask toolbar can go! Here are the logs:

Code:
 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Google Chrome 16.0.912.63  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e6f9374623c283468e277c8340f80846
# engine=18537
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-03 08:42:44
# local_time=2014-06-03 10:42:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 104988 146330938 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 281261 239360892 0 0
# scanned=133462
# found=9
# cleaned=0
# scan_time=6737
sh=DCD4D22367AAF3BFED0FA8E437A0B91521CE4BFE ft=1 fh=69052ff743136696 vn="Variante von Win32/Kryptik.BPIB Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\1hrfr0t7.dss.xBAD"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\egon\AppData\Local\Temp\avnwldrtemp\setup\ApnIC.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\egon\AppData\Local\Temp\avnwldrtemp\setup\ApnToolbarInstaller.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJT9RJMB\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSNHFVGI\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\Temp\AskSLib.dll"
         

Alt 04.06.2014, 17:00   #14
M-K-D-B
/// TB-Ausbilder
 
AntiVir funktioniert nicht mehr - Standard

AntiVir funktioniert nicht mehr



Wenn du die AskToolbar nicht haben willst, dann deinstalliere AntiVir und installiere einen anderen Virenscanner (siehe weiter unten, da sind zwei Vorschläge).





Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.






Quote:
I'm now sitting at my own computer; the virus scanner is currently running on my father's infected laptop and has already detected 4 threats.
Do you want to have your father's computer checked here as well?
If so, please post the virus scanner's log file.
__________________
Greetings from Bavaria
M-K-D-B


Old 04.06.2014, 17:25   #15
thomasN
 



On startup, the message "Windows Defender - Fehler bei Anwendungsinitialisierung 0x800106ba" still appears, the service of this program........has been stopped. What else could this be?
