Code:
OTL logfile created on: 11.03.2013 11:26:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan.Erwin-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,61% Memory free
7,99 Gb Paging File | 5,33 Gb Available in Paging File | 66,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,24 Gb Total Space | 154,96 Gb Free Space | 34,27% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Computer Name: ERWIN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.08 21:40:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan.Erwin-PC\Desktop\OTL.exe
PRC - [2013.03.08 09:57:47 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013.02.26 22:07:30 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.02.19 17:44:37 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.12.05 11:11:30 | 019,721,728 | ---- | M] (Europe Support Ltd. N.V.) -- C:\Games\Game Alarm\gamealarm.exe
PRC - [2012.11.19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.08.08 21:31:14 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012.07.02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 20:54:00 | 000,046,592 | ---- | M] (AlcaTech) -- C:\Windows\SysWOW64\mmrtkrnl.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.05.20 15:26:26 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.08 09:57:46 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.02.26 22:07:30 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013.02.25 07:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.02.19 11:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.02.14 08:19:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.13 16:11:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.13 16:10:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.13 16:10:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.13 16:09:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.13 16:09:53 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.13 16:09:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2012.12.11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.12.05 11:11:25 | 000,159,744 | ---- | M] () -- C:\Games\Game Alarm\rt\jetrt\baseline720.dll
MOD - [2012.12.05 11:11:25 | 000,126,976 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\zip.dll
MOD - [2012.12.05 11:11:24 | 000,069,632 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\java.dll
MOD - [2012.12.05 11:11:24 | 000,020,480 | ---- | M] () -- C:\Games\Game Alarm\rt\bin\jetvm\jvm.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013.03.08 09:57:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 13:49:07 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.26 22:07:31 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.19 17:44:37 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.08 21:31:14 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.07.22 09:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 03:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 03:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.07.10 04:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.02.19 17:44:37 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.12.10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.11.08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.08.24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.04.19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 18:11:07 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2012.01.31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.01.20 22:27:10 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.01.20 22:27:09 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.05 17:51:30 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009.09.22 01:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.09.04 14:13:24 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.07.24 14:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007.05.14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{080C322C-E637-4D15-BB12-D4358A930F26}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{471FBB71-1978-4790-BA25-50BB38B32F87}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{71E2801D-0144-4781-9C2D-14BCBFF9B353}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{080C322C-E637-4D15-BB12-D4358A930F26}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{471FBB71-1978-4790-BA25-50BB38B32F87}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{71E2801D-0144-4781-9C2D-14BCBFF9B353}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..\SearchScopes\{42F43F09-6AE4-49B8-A5A5-D67F1E1DFB69}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=B394B356-AEE4-4430-A45F-DE947BB54DE5&apn_sauid=CF0C05E0-F995-44C2-ACA9-24F1415702F5
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan.Erwin-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.30 02:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.15 22:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 09:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 09:57:42 | 000,000,000 | ---D | M]
[2012.08.19 01:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Extensions
[2013.01.25 09:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\C\Users\Stefan.Erwin-PC\AppData\Roaming\Mozilla\Profiles\br6kxgxy.Standard-Benutzer\extensions
[2013.01.25 09:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\C\Users\Stefan.Erwin-PC\AppData\Roaming\Mozilla\Profiles\br6kxgxy.Standard-Benutzer\extensions\{4373e9b4-0a12-4112-8e3d-36ded19ee3dd}
[2013.03.03 10:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013.02.18 09:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\Profiles\c5j3tz8v.default\extensions
[2013.02.18 09:05:11 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\Profiles\c5j3tz8v.default\extensions\toolbar@ask.com
[2013.03.03 11:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Firefox\Profiles\Stefan.Erwin-PC\AppData\Roaming\Mozilla\Profiles\br6kxgxy.Standard-Benutzer\extensions
[2013.03.06 20:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\Profiles\br6kxgxy.Standard-Benutzer\extensions
[2013.03.03 10:53:58 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2013.03.08 09:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 09:57:41 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.03.08 09:57:41 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.03.08 09:57:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:06:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={8E801FDB-53D4-453D-AAA0-E926C2A2E65A}&mid=5aa5072a829547d0a293d16fd8670468-27c479bf54bc19b9f22776aacc32ae206c09defe&lang=de&ds=AVG&pr=pr&d=2012-08-15 23:35:49&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=1c81958b000000000000904ce50decbf
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Stefan.Erwin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan.Erwin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2013.03.05 23:33:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005..\Run: [Facebook Update] C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005..\Run: [GoogleChromeAutoLaunch_6428AB03B42E92A86FFF32455D8C7359] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Stefan.Erwin-PC\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan.Erwin-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan.Erwin-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1462203106-3395138808-3887170014-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.170.234.122 193.170.109.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7B6516-A663-4EAE-8E8F-8EDE6809C618}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 193.170.234.122 193.170.109.23
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.11 10:34:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{B864AA8B-EC14-4E47-AB49-3061BE9F0ED6}
[2013.03.09 04:16:34 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013.03.09 04:16:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.08 21:40:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan.Erwin-PC\Desktop\OTL.exe
[2013.03.08 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{B2AAD3C0-9E6F-464D-BF03-3C123801040B}
[2013.03.08 09:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 09:23:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.08 09:23:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.08 09:17:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{9FE9EAD3-6E58-4511-97F4-C084FE11EF4C}
[2013.03.07 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{0A9BFC43-1D14-4DFD-82D4-216697838F51}
[2013.03.07 20:53:09 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stefan.Erwin-PC\Desktop\JRT.exe
[2013.03.07 08:59:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{9A8BF543-C178-4635-B6DD-6E4A6A0888B2}
[2013.03.06 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{CC095430-0598-4E52-BC94-7C22BB49FCEB}
[2013.03.06 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013.03.06 09:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.06 08:35:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.06 00:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013.03.06 00:24:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\DayZCommander
[2013.03.06 00:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013.03.06 00:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013.03.06 00:21:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\ArmA 2 OA
[2013.03.05 23:39:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.05 21:51:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 21:51:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 21:51:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 21:51:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.05 21:51:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 21:51:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.05 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\Documents\ArmA 2
[2013.03.05 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\ArmA 2
[2013.03.05 21:47:43 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Stefan.Erwin-PC\Desktop\ComboFix.exe
[2013.03.05 21:13:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{695D9DB0-1E62-4C0F-BE82-5519697FBD28}
[2013.03.05 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\Desktop\Presentations
[2013.03.05 09:13:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{44C56A8C-4EB9-44AA-AEB4-2381C61DF726}
[2013.03.04 21:12:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{8771721A-AE45-40F1-9BA5-AF477E625182}
[2013.03.04 09:11:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{331E2223-D362-4393-A7D2-63FDA9B2D30D}
[2013.03.03 14:18:52 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Stefan.Erwin-PC\Desktop\dds+.exe
[2013.03.03 14:02:38 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan.Erwin-PC\Desktop\TFC.exe
[2013.03.03 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{96ABA07D-4C76-4BBD-86FE-1CD48060D4D2}
[2013.03.03 10:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2013.03.03 10:47:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\SynthMaker
[2013.03.03 10:44:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Image-Line
[2013.03.02 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.03.02 00:22:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{107A3117-BCF3-43FC-A48D-2F804C92A9D1}
[2013.03.01 01:08:27 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{F24DB414-02F9-49BE-97C2-8A544313DB2A}
[2013.02.28 13:08:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{88CD3757-8038-463F-800C-66221F2A8D00}
[2013.02.28 01:07:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{8AA749A5-C77E-42E7-83FE-11BB179E4CF1}
[2013.02.27 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{89248735-3931-41BE-97B2-34CFA8552AC2}
[2013.02.27 01:06:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{65AEFE18-C43D-49E5-B284-1BCE0F0C67E8}
[2013.02.26 13:06:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{3A02F330-C720-4D48-AA91-16C7AB340866}
[2013.02.26 01:05:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{E5B052E9-A8C4-4864-827B-F544343EEB3D}
[2013.02.25 13:03:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{F2DBCBB7-2881-471A-ABC6-E99DDBA272E5}
[2013.02.24 12:45:39 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{9527A4B9-B7F2-4D76-9946-20C917491A67}
[2013.02.23 16:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.23 16:04:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.23 16:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.23 14:42:19 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{AC24E795-B5EF-49CB-AB4E-E897837A3EAC}
[2013.02.22 10:11:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{1B8E6ECA-38E7-4457-8DAD-3A7896A228A1}
[2013.02.21 22:27:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{A0E696F7-300F-4388-9D1E-41870471E661}
[2013.02.21 10:27:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{BD05C9C4-7E0E-4F94-AC04-CEFB78222CBF}
[2013.02.20 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{34E8E101-98C2-467B-B466-A5421E1B248A}
[2013.02.20 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{9A8E0CAB-B295-4583-9951-826EFC9387FA}
[2013.02.19 21:22:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{A9BE55A3-343A-4D24-B51B-5D3D4D813A7C}
[2013.02.19 09:21:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{3BA7A012-1D06-44BD-97A0-723DDF79A8FD}
[2013.02.18 16:38:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{B634AC71-8CD7-4BAD-89D1-FB8753EC9AEB}
[2013.02.18 09:41:56 | 000,000,000 | --SD | C] -- C:\Users\Stefan.Erwin-PC\Documents\Meine Shapes
[2013.02.18 00:59:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{7B245D2A-5A99-446C-BBF5-632E562D4908}
[2013.02.17 13:48:29 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013.02.17 13:48:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.02.17 13:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.02.17 13:19:07 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2013.02.17 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013.02.17 13:19:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\Documents\Image-Line
[2013.02.17 13:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.02.17 13:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2013.02.17 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{78604B88-C301-4040-8644-9891C98079F2}
[2013.02.17 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{00EC3AFC-CF97-468D-85D9-5FAA4E2BA841}
[2013.02.16 12:58:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{421E5410-1939-486F-A4D5-5AEC55FFCB1E}
[2013.02.16 00:58:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{6DD0DB7F-AC16-468A-A341-B9C5503000E6}
[2013.02.15 20:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013.02.15 20:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013.02.15 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{B6518FC0-CFA2-4556-8759-4CFCB2F0A7FC}
[2013.02.15 11:27:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{E7D0D2AD-BC62-4977-A0A5-CC679C5F81C2}
[2013.02.14 22:09:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{9F2D1B11-C0F4-448F-83BC-7339621D9C28}
[2013.02.14 08:23:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{503C538E-5339-44A8-8B8E-A84CD93EDE23}
[2013.02.13 08:51:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{2211D6A0-1A10-4DA2-BB6D-6617A97967C2}
[2013.02.13 07:35:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{2C59A54D-1515-44AB-8467-3503E5A62BEB}
[2013.02.12 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{4C6722BE-A543-41C4-8660-14AB700C6E92}
[2013.02.12 09:15:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{6A33D9A3-FC33-4057-B5A7-EB458F4217ED}
[2013.02.11 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{EFE25F64-735D-4C38-A0CD-520433077D05}
[2013.02.10 15:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.02.10 15:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.10 15:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2013.02.10 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan.Erwin-PC\AppData\Local\{41AA09DE-A736-40F3-B6F8-A9E656F5F47B}
[3 C:\Users\Stefan.Erwin-PC\Desktop\*.tmp files -> C:\Users\Stefan.Erwin-PC\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.11 11:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.11 10:57:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.11 10:16:01 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1462203106-3395138808-3887170014-1005UA.job
[2013.03.11 09:48:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 09:48:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 09:40:16 | 112,868,631 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.11 08:34:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.11 08:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 08:33:25 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 22:16:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1462203106-3395138808-3887170014-1005Core.job
[2013.03.09 04:16:37 | 000,001,330 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.08 21:40:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan.Erwin-PC\Desktop\OTL.exe
[2013.03.07 20:53:11 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stefan.Erwin-PC\Desktop\JRT.exe
[2013.03.06 00:24:27 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013.03.05 23:33:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.05 21:47:58 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Stefan.Erwin-PC\Desktop\ComboFix.exe
[2013.03.04 12:01:25 | 000,000,714 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.04 11:54:58 | 000,477,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.04 10:09:14 | 001,845,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.04 10:09:14 | 000,779,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.04 10:09:14 | 000,732,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.04 10:09:14 | 000,181,508 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.04 10:09:14 | 000,153,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.04 09:34:35 | 000,000,035 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013.03.03 14:18:05 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Stefan.Erwin-PC\Desktop\dds+.exe
[2013.03.03 14:02:40 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan.Erwin-PC\Desktop\TFC.exe
[2013.03.03 13:44:08 | 000,594,019 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Desktop\adwcleaner.exe
[2013.02.27 11:49:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.02.20 10:10:31 | 001,671,168 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Desktop\Microsoft Access Datenbank (neu).accdb
[2013.02.19 17:44:37 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.18 10:54:57 | 002,371,584 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Documents\Database9.accdb
[2013.02.18 09:46:01 | 000,606,208 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Documents\Database8.accdb
[2013.02.17 19:26:20 | 000,130,634 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013.02.15 23:59:09 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStefan.job
[2013.02.13 22:13:23 | 000,012,342 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Desktop\wappen64x64.bmp
[2013.02.10 15:24:00 | 000,001,842 | ---- | M] () -- C:\Users\Stefan.Erwin-PC\Desktop\TERA.lnk
[3 C:\Users\Stefan.Erwin-PC\Desktop\*.tmp files -> C:\Users\Stefan.Erwin-PC\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.06 00:24:27 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013.03.05 21:51:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 21:51:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 21:51:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 21:51:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 21:51:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.03 13:45:02 | 000,000,714 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.03 13:44:07 | 000,594,019 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Desktop\adwcleaner.exe
[2013.02.27 11:49:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.02.18 09:46:13 | 002,371,584 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Documents\Database9.accdb
[2013.02.18 09:43:05 | 000,606,208 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Documents\Database8.accdb
[2013.02.18 09:42:35 | 001,671,168 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Desktop\Microsoft Access Datenbank (neu).accdb
[2013.02.15 21:03:27 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForStefan.job
[2013.02.13 21:59:55 | 000,012,342 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Desktop\wappen64x64.bmp
[2013.02.12 22:11:54 | 000,001,330 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.10 15:24:00 | 000,001,842 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Desktop\TERA.lnk
[2012.06.19 20:54:52 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.07 18:00:48 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.06.01 12:01:31 | 000,000,155 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\.appletviewer
[2012.05.18 08:32:06 | 000,000,097 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\hello.bat
[2012.05.14 23:21:49 | 000,007,624 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\Resmon.ResmonCfg
[2012.03.30 11:00:48 | 000,000,000 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled6.sql
[2012.03.27 08:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled5.sql
[2012.03.23 11:50:10 | 000,001,703 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled4.sql
[2012.03.23 11:19:52 | 000,000,002 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled3.sql
[2012.03.13 10:17:53 | 000,000,184 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled2.sql
[2012.03.06 10:04:30 | 000,000,085 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled1.sql
[2012.02.24 01:14:45 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.02.24 01:14:45 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.02.24 01:14:45 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.02.24 01:02:48 | 000,038,597 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.03 12:02:17 | 000,000,047 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\Untitled.sql
[2011.10.21 09:06:02 | 000,000,208 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\.packettracer
[2011.10.05 11:44:24 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.08 12:03:30 | 000,283,312 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.08 12:03:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.07 02:05:36 | 000,000,103 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\fusioncache.dat
[2011.07.07 16:34:34 | 000,001,854 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\GhostObjGAFix.xml
[2011.07.06 22:38:42 | 000,000,000 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\{2997501A-BA22-44AD-8F5A-EB6378971098}
[2011.06.12 15:56:33 | 117,349,376 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\kavkis.msi
[2011.06.09 06:07:23 | 001,823,478 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.05 22:32:35 | 019,087,301 | ---- | C] () -- C:\Users\Stefan.Erwin-PC\AppData\Local\tmpREISEPASS_SCHEITHAUER.0
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.31 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.31 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.10.01 20:44:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\.minecraft
[2012.10.11 14:32:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\.techniclauncher
[2012.04.22 16:04:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\AlcaTech
[2012.08.15 22:44:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\AVG2012
[2012.01.25 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Azureus
[2013.03.03 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\BitComet
[2011.07.05 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\DAEMON Tools Lite
[2011.05.28 21:20:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\DAEMON Tools Pro
[2011.09.10 16:01:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Downloaded Installations
[2013.01.24 10:46:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\DVDVideoSoft
[2012.08.08 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\e-academy Inc
[2012.06.20 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\fltk.org
[2012.02.26 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\GetRightToGo
[2013.03.03 10:44:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Image-Line
[2011.10.11 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Kalypso Media
[2011.06.14 21:06:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.06.01 11:58:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Mount&Blade
[2012.06.28 15:02:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Mount&Blade Warband
[2011.12.07 14:57:41 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\OpenOffice.org
[2011.12.09 14:45:41 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Opera
[2012.12.18 11:26:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\RenPy
[2011.06.13 13:11:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Screenbrush
[2012.02.03 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\SQL Developer
[2012.01.31 09:53:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Subversion
[2013.03.03 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\SynthMaker
[2011.06.19 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\The Creative Assembly
[2012.09.20 13:09:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\TS3Client
[2011.12.08 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\ts3overlay
[2012.04.22 15:08:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\TuneUp Software
[2012.09.13 06:33:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Unity
[2012.01.15 13:22:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\wargaming.net
[2013.02.27 10:34:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\Webocton - Scriptly
[2011.06.24 09:41:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan.Erwin-PC\AppData\Roaming\_MDLogs
========== Purity Check ==========
< End of report >

Sorry that I'm only getting back to you now, I had little time.
I still have the problem, though.