Pests of all kinds and how to combat them: Desktop icons can no longer be arranged (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
11.10.2012, 01:03 | #1 |
Desktop icons can no longer be arranged

Hello Trojaner-Board,

for a few weeks now I have had the problem that my desktop icons rearrange themselves on the grid after every shutdown, which makes it impossible to keep the desktop in order. In addition, the computer runs more slowly than I think it should given its hardware. The "Adobe Flashplayer" also pops up more often than normal (at least it seems that way to me), and I don't quite trust it ... While searching the Internet for a solution, however, I came across similar symptoms. Unfortunately, none of my attempts so far to get the problem under control have had any effect.

I have now run defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:22 on 11/10/2012 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 11.10.2012 01:28:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobi\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 9,43 Gb Available Physical Memory | 78,62% Memory free 23,99 Gb Paging File | 21,42 Gb Available in Paging File | 89,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,95 Gb Total Space | 21,54 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive E: | 153,38 Gb Total Space | 43,53 Gb Free Space | 28,38% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 107,35 Gb Free Space | 23,05% Space Free | Partition Type: FAT32 Drive K: | 7,39 Gb Total Space | 7,07 Gb Free Space | 95,62% Space Free | Partition Type: FAT32 Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.11 01:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.08 23:55:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.08 21:37:55 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 14:22:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 14:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.14 13:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe PRC - [2011.12.14 13:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe PRC - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) 
-- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2011.09.14 12:05:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2009.10.01 14:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe PRC - [2008.12.10 17:03:44 | 001,736,704 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 22:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.09.14 00:09:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.08 12:50:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.08 21:37:55 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.10 21:21:48 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2012.05.08 14:22:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 14:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.19 23:56:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.05.08 14:22:22 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 14:22:22 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] 
(Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.05.20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000) DRV:64bit: - [2010.04.27 22:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2008.01.21 10:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728) DRV:64bit: - [2006.11.28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64) DRV:64bit: - [2006.11.28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64) DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2012.05.10 21:20:14 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.2.0) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 0A C5 C1 95 33 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.93.0 FF - prefs.js..extensions.enabledAddons: client@anonymox.net:0.9.9 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..network.proxy.http: "50.17.81.254" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: 
C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.06 16:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 12:50:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.12 21:28:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 12:50:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.23 18:40:33 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2012.10.10 01:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions [2012.10.06 16:44:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.18 20:44:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.17 15:48:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\2020Player_IKEA@2020Technologies.com [2012.10.03 00:38:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\foxmarks@kei.com [2012.07.08 19:22:04 | 000,363,041 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\client@anonymox.net.xpi [2012.10.10 01:34:47 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\firebug@software.joehewitt.com.xpi [2012.07.28 12:26:04 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\stealthyextension@gmail.com.xpi [2012.03.29 10:59:14 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.08.23 21:21:00 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.26 18:43:12 | 000,741,958 | ---- | M] () (No name found) -- 
C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.14 00:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 12:50:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.08 12:50:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.19 09:23:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 12:10:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.19 09:23:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 09:23:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 09:23:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 09:23:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe" File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SaitekInstall] C:\Windows\temp\Saitek\Saitek_Cyborg_Keyboard_SD6_64_Drivers\00000011\setup.exe (Saitek) O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu 
item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31907D42-3897-4D5E-BED3-BCD19D86F370}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF4E0CB-2C46-4B65-A1FD-E290529BBAAE}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e911b645-7ce0-11e1-80d4-5404a610285e}\Shell - "" = AutoRun O33 - MountPoints2\{e911b645-7ce0-11e1-80d4-5404a610285e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{fa94e2ec-2d5c-11e1-8c7c-5404a610285e}\Shell - "" = AutoRun O33 - MountPoints2\{fa94e2ec-2d5c-11e1-8c7c-5404a610285e}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 01:27:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.10.11 01:20:45 | 000,000,000 | R--D | C] -- C:\Users\Tobi\Desktop\Desktop [2012.10.03 18:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.09.20 09:25:57 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Nik Software [2012.09.20 09:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software [2012.09.20 09:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software [2012.09.14 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.14 00:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012.10.11 01:28:02 | 000,000,086 | ---- | M] () -- C:\Users\Tobi\Desktop\Trojaner-Board - Neues Thema erstellen.URL [2012.10.11 01:27:24 | 000,602,112 | ---- | M] (OldTimer 
Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2012.10.11 01:22:36 | 000,000,000 | ---- | M] () -- C:\Users\Tobi\defogger_reenable [2012.10.11 01:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.11 01:20:36 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.10.10 21:59:53 | 000,022,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 21:59:53 | 000,022,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 21:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.10 21:48:32 | 1072,259,070 | -HS- | M] () -- C:\hiberfil.sys [2012.10.09 04:19:08 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.09 04:19:08 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.09 04:19:08 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.09 04:19:08 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.09 04:19:08 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.06 16:31:53 | 009,747,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.16 21:44:25 | 000,001,456 | ---- | M] () -- C:\Users\Tobi\AppData\Local\Adobe Für Web speichern 12.0 Prefs ========== Files Created - No Company Name ========== [2012.10.11 01:28:02 | 000,000,086 | ---- | C] () -- C:\Users\Tobi\Desktop\Trojaner-Board - Neues Thema erstellen.URL [2012.10.11 01:22:36 | 000,000,000 | ---- | C] () -- C:\Users\Tobi\defogger_reenable [2012.10.11 01:20:35 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe [2012.09.14 01:00:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.25 02:28:08 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe GIF Format CS5 Prefs 
[2012.07.09 18:31:44 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.08 21:37:56 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.18 10:12:37 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe AIFF Format CS5 Prefs [2012.05.20 00:06:02 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat [2012.05.20 00:04:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe [2012.04.25 00:24:05 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat [2012.04.18 15:47:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.19 20:01:18 | 000,016,896 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.07 20:42:12 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.02.07 20:42:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.02.05 03:43:16 | 000,001,456 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.01.30 00:34:35 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.01.04 02:02:18 | 000,001,197 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\gd.db [2012.01.04 02:02:17 | 000,000,254 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\groovedown.settings [2011.12.22 13:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.22 13:04:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.12.22 13:04:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.12.22 13:00:55 | 000,044,674 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.12.22 12:59:49 | 000,001,769 | ---- | 
C] () -- C:\Windows\Language_trs.ini
[2011.12.22 12:59:45 | 000,034,198 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.22 18:31:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.01.25 06:08:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Canneverbe Limited
[2012.04.07 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.19 05:05:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.05.20 00:02:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite
[2012.04.25 00:24:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DonationCoder
[2012.10.10 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dropbox
[2012.02.19 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
[2012.02.19 19:34:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 00:54:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Groovedown
[2012.07.15 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Imagenomic
[2012.04.26 00:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ImTOO
[2012.01.04 02:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\lang
[2012.07.11 03:10:56 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Omvoi
[2011.12.29 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org
[2012.07.09 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Osfuu
[2012.04.16 04:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 22:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Publish Providers
[2012.06.19 22:43:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Sony
[2012.03.26 03:05:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.04 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TeamViewer
[2011.12.25 04:54:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Thunderbird
[2012.07.11 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Tumos

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1161 bytes -> C:\Users\Tobi\AppData\Local\Temp:scsZcEmaPZzMpIKz1jyc0DRw

< End of report >

Code:
OTL Extras logfile created on: 11.10.2012 01:28:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 9,43 Gb Available Physical Memory | 78,62% Memory free
23,99 Gb Paging File | 21,42 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 21,54 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 43,53 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 107,35 Gb Free Space | 23,05% Space Free | Partition Type: FAT32
Drive K: | 7,39 Gb Total Space | 7,07 Gb Free Space | 95,62% Space Free | Partition Type: FAT32

Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1089C6D7-5357-4B1A-A7A9-C7A090285683}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1582AAF0-01EC-45BC-93FB-83A2915E8A48}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C86C4F5-7643-4328-A49D-79FCF2E95275}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28081D07-6C02-4BF4-82C9-40412D125E37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E053FCE-137E-4A73-9D9A-697E8D5EB1D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36B0E66C-6854-434C-B98F-B2888A9A6283}" = rport=10243 | protocol=6 | dir=out | app=system | "{3CF78210-7676-4C2E-BFFA-F42103325226}" = lport=10243 | protocol=6 | dir=in | app=system | "{3E23D4EE-555E-40CA-B210-2A38613ECCCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{465C3BDC-A5E6-4C4B-BEE7-2D0F09CF00E2}" = rport=138 | protocol=17 | dir=out | app=system | "{477997FC-B4C0-4B54-A39C-D42D0BF09185}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62B2CEFE-CDFF-465E-82AB-FD490528E506}" = lport=139 | protocol=6 | dir=in | app=system | "{6B07163F-D95B-4216-B18C-73B64421D356}" = rport=445 | protocol=6 | dir=out | app=system | "{6C268A15-A224-4195-9C0B-5A3466D4E6D9}" = rport=137 | protocol=17 | dir=out | app=system | "{83C43FAA-1A79-4DD3-B7DE-051235B43BFF}" = lport=137 | protocol=17 | dir=in | app=system | "{83C95608-AE39-4D9D-8AFA-80FB0E139C8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1C18AA7-6E56-481A-B398-E193C16AC50F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A794480A-2BD4-480B-AC40-086F96D30CBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B8E46CFD-77ED-40AC-9AEF-6C07A25E5A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5665CC4-34B3-43DE-A0B2-14A1556E3171}" = lport=138 | protocol=17 | dir=in | app=system | "{DAFA365F-7FFA-4B25-A750-2FFB33D9F381}" = lport=445 | protocol=6 | dir=in | app=system | "{EFA1900C-0418-4D29-BD90-881D2E9314FF}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0889C194-60EB-4D6F-8D73-C77D9E0E50DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CEA7AA6-E0D6-4044-B4A0-085C33229906}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D97FECD-EAE6-46A2-8163-83BB578AEB8B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{0DD7188C-5F9C-452A-9CE3-ADE7AD0BAE72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{101A5C4F-B2FC-4BD0-834A-B8449EEE9252}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1289783A-F882-4C5A-93EB-5A9754C3495A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{236AE738-0FDB-4BDE-BC45-AC30FCA15C2B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{2733DA83-4E9B-494D-B8F0-5FA1BC88587D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2DF8F9DF-2308-4F6C-A9C9-20EBAB53E7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | "{2E7507F9-9282-4DCC-888F-5CE64EA4467E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2EEE21AC-937A-4A4B-B82B-DFCCB4657FD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{36A9EE42-26E0-4E92-BD9A-6C79FFDC0B96}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{3C21719D-CCD6-4C0F-9E43-167F5BA920C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{5299B5F5-34F8-4547-A1B2-395D9FDF079F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53706A20-9C5A-417B-8FBB-21235ED73AB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5C38B9FF-BC56-4079-856D-CFD1223BCB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{6251C5D1-894E-4EC8-80F3-6EB9BD18C4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{630C7A92-8018-4890-9C42-6C8BF098043B}" = protocol=17 | dir=in | 
app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{6509C86F-8611-401A-8A06-AC7202EFA9CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{65DB8360-330A-4A89-B788-BE01A1B5F3FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B08003B-B081-423B-AC26-F55E15BF5C42}" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | "{71A83019-CE57-4DB4-807A-1E05C674CDFD}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | "{7235DBEF-B1FC-4027-A632-B254FF31AD48}" = protocol=6 | dir=out | app=system | "{725303B1-6C32-4FDA-8ED4-F4798943DF11}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{7522271D-B6C6-4A12-B99C-A9F361086390}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{77D451A4-5A14-4FF1-9F68-D7110602B064}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7BBD531D-A9B2-4A21-8A32-83C9A93F45A5}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{816C19E7-5703-478C-8222-F3D7B62A568D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{8BF3C074-15F0-4818-BC5D-75857C04C518}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{98E0946A-0860-4679-8484-A9CDC097AACB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | "{98FB51D6-4117-4447-84E8-6220330B238C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9A6D6D67-AC8C-4C6D-BF55-75023A925F50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A2108B5D-7D32-4157-8448-9B737FB2DFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{A2648710-754D-47CF-9270-60D86899B2A6}" = 
protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | "{A4BCD778-BF6E-4BF6-9928-EDCB4829DE81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B22A92CC-E34E-4EC3-B763-36C798B7E8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{BD8DA715-F15B-4AB1-87B0-D0FC35D0E803}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{C5FD1808-9E9C-4632-9D72-3768CF45F637}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{CE2CC7FA-933E-4602-8957-62B9B837990E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{D9652749-80DE-481D-A918-4CC74EE4CD32}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{DB7FE8F6-B501-4A80-B7F1-0F67935299CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E00E5F60-C301-4019-91A4-83F05CA0889C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{E7769166-D459-4359-BD8C-0677F1F40017}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EC2F9E0C-2399-4918-91C5-410DDA5910EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF74A67C-EEA0-49CA-AEE9-BEA4A8EB62A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{FD6EA234-FC88-4C15-9483-1F091E2F4176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{269CAFAF-932D-4452-9DE8-FC868FD76A0E}F:\ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=f:\ftp\ws_ftp95.exe | "TCP Query User{3F653513-39A2-4CAF-AA14-AABFA645835B}G:\poptb.exe" = protocol=6 | dir=in | app=g:\poptb.exe | "TCP Query User{47AC9755-9EB6-4A9D-8C0C-36CD63221135}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | 
app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{98E9121A-46C0-466E-B867-94737A560E22}C:\users\tobi\appdata\roaming\tumos\myedo.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\tumos\myedo.exe | "TCP Query User{ACD54B24-3059-4919-9FDD-78CB0E293F92}C:\program files (x86)\bullfrog\populous\poptb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bullfrog\populous\poptb.exe | "TCP Query User{B40B79A3-B207-4BB4-ABC4-90E7CC1065A5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{D5126845-3229-44B5-942D-BFC8B9AC89CD}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{100BE0C3-4881-4726-B43D-E7E09D354569}C:\program files (x86)\bullfrog\populous\poptb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bullfrog\populous\poptb.exe | "UDP Query User{3E16965B-99B1-4470-AF3B-5B81C34C8E0A}F:\ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=f:\ftp\ws_ftp95.exe | "UDP Query User{4633AE55-EC52-4AC1-9046-C2DB6B2688E2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{52517730-ECB2-49ED-BBF0-0FDF1C71E278}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{54E9269B-FC4E-4DCF-99A4-CF392DD76E7E}G:\poptb.exe" = protocol=17 | dir=in | app=g:\poptb.exe | "UDP Query User{AADEC68D-1C4A-4A9E-A183-B42CABD30F08}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{B727D93F-12F8-43CB-A430-D6FC71BD2FDA}C:\users\tobi\appdata\roaming\tumos\myedo.exe" = protocol=17 | 
dir=in | app=c:\users\tobi\appdata\roaming\tumos\myedo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{BC915A04-93BD-A74E-F90D-4BC84D88F087}" = AMD AVIVO64 Codecs "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CEA9C4D2-67B3-4518-EC70-865A7EFD40FD}" = AMD Drag and Drop Transcoding 
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = 
"Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR2 ein." However, I was able to finish the scan by pressing the "Weiter" button. I hope you can help me. Best regards, and praise and thanks in advance to the whole board. Tobias |
11.10.2012, 07:16 | #2 |
/// Malwareteam | Desktop icons can no longer be arranged
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes mean a lot of work for you.
Vista and Win7 users: Start all tools with a right-click --> "Run as administrator". Step 1: aswMBR Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
11.10.2012, 09:25 | #3 |
| Desktop icons can no longer be arranged Hello Marius,
thank you very much for your help. I followed your instructions; the logs are attached: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 09:21:04
-----------------------------
09:21:04.954 OS Version: Windows x64 6.1.7601 Service Pack 1
09:21:04.954 Number of processors: 4 586 0x403
09:21:04.954 ComputerName: TOBI-PC UserName: Tobi
09:21:05.593 Initialize success
09:23:46.149 AVAST engine defs: 12101001
09:24:22.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7
09:24:22.216 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
09:24:22.231 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-6
09:24:22.231 Disk 1 Vendor: ExcelStor_Technology_J8160 P22OA85A Size: 157066MB BusType: 3
09:24:22.263 Disk 0 MBR read successfully
09:24:22.263 Disk 0 MBR scan
09:24:22.278 Disk 0 Windows 7 default MBR code
09:24:22.294 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:24:22.325 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
09:24:22.356 Disk 0 scanning C:\Windows\system32\drivers
09:24:36.396 Service scanning
09:25:11.106 Modules scanning
09:25:11.122 Disk 0 trace - called modules:
09:25:11.138 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:25:11.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aa1b060]
09:25:11.153 3 CLASSPNP.SYS[fffff880018ab43f] -> nt!IofCallDriver -> [0xfffffa800a9569b0]
09:25:11.153 5 ACPI.sys[fffff88000ed57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa800aa2c060]
09:25:11.949 AVAST engine scan C:\Windows
09:25:14.538 AVAST engine scan C:\Windows\system32
09:29:36.026 AVAST engine scan C:\Windows\system32\drivers
09:29:51.938 AVAST engine scan C:\Users\Tobi
10:03:07.261 AVAST engine scan C:\ProgramData
10:05:06.883 Scan finished successfully
10:09:47.714 Disk 0 MBR has been saved successfully to "C:\Users\Tobi\Desktop\MBR.dat"
10:09:47.714 The log file has been saved successfully to "C:\Users\Tobi\Desktop\aswMBR.txt"
Code:
] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:11:39.0287 4056 fdc - ok 10:11:39.0302 4056 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:11:39.0318 4056 fdPHost - ok 10:11:39.0334 4056 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:11:39.0334 4056 FDResPub - ok 10:11:39.0349 4056 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:11:39.0349 4056 FileInfo - ok 10:11:39.0365 4056 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:11:39.0365 4056 Filetrace - ok 10:11:39.0380 4056 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:11:39.0380 4056 flpydisk - ok 10:11:39.0443 4056 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:11:39.0458 4056 FltMgr - ok 10:11:39.0521 4056 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 10:11:39.0552 4056 FontCache - ok 10:11:39.0599 4056 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:11:39.0614 4056 FontCache3.0.0.0 - ok 10:11:39.0646 4056 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:11:39.0646 4056 FsDepends - ok 10:11:39.0677 4056 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:11:39.0677 4056 Fs_Rec - ok 10:11:39.0739 4056 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:11:39.0739 4056 fvevol - ok 10:11:39.0770 4056 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:11:39.0770 4056 gagp30kx - ok 10:11:39.0833 4056 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:11:39.0848 4056 gpsvc - ok 10:11:39.0864 4056 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:11:39.0864 4056 
hcw85cir - ok 10:11:39.0911 4056 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:11:39.0926 4056 HdAudAddService - ok 10:11:39.0958 4056 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:11:39.0958 4056 HDAudBus - ok 10:11:39.0973 4056 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:11:39.0973 4056 HidBatt - ok 10:11:39.0989 4056 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 10:11:39.0989 4056 HidBth - ok 10:11:40.0004 4056 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 10:11:40.0004 4056 HidIr - ok 10:11:40.0020 4056 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 10:11:40.0020 4056 hidserv - ok 10:11:40.0067 4056 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:11:40.0067 4056 HidUsb - ok 10:11:40.0098 4056 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:11:40.0114 4056 hkmsvc - ok 10:11:40.0145 4056 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:11:40.0160 4056 HomeGroupListener - ok 10:11:40.0207 4056 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:11:40.0207 4056 HomeGroupProvider - ok 10:11:40.0270 4056 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:11:40.0270 4056 HpSAMD - ok 10:11:40.0332 4056 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:11:40.0348 4056 HTTP - ok 10:11:40.0348 4056 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:11:40.0348 4056 hwpolicy - ok 10:11:40.0394 4056 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 10:11:40.0394 4056 i8042prt - ok 10:11:40.0426 4056 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV 
C:\Windows\system32\drivers\iaStorV.sys 10:11:40.0441 4056 iaStorV - ok 10:11:40.0504 4056 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:11:40.0535 4056 idsvc - ok 10:11:40.0566 4056 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:11:40.0566 4056 iirsp - ok 10:11:40.0613 4056 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:11:40.0628 4056 IKEEXT - ok 10:11:40.0738 4056 [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:11:40.0769 4056 IntcAzAudAddService - ok 10:11:40.0800 4056 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:11:40.0800 4056 intelide - ok 10:11:40.0831 4056 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:11:40.0831 4056 intelppm - ok 10:11:40.0847 4056 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:11:40.0847 4056 IPBusEnum - ok 10:11:40.0894 4056 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:11:40.0894 4056 IpFilterDriver - ok 10:11:40.0956 4056 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:11:40.0972 4056 iphlpsvc - ok 10:11:41.0018 4056 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:11:41.0018 4056 IPMIDRV - ok 10:11:41.0050 4056 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:11:41.0050 4056 IPNAT - ok 10:11:41.0081 4056 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:11:41.0081 4056 IRENUM - ok 10:11:41.0112 4056 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:11:41.0112 4056 isapnp - ok 10:11:41.0143 4056 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 
10:11:41.0143 4056 iScsiPrt - ok 10:11:41.0284 4056 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe 10:11:41.0284 4056 jswpsapi - ok 10:11:41.0330 4056 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys 10:11:41.0330 4056 JSWPSLWF - ok 10:11:41.0377 4056 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:11:41.0377 4056 kbdclass - ok 10:11:41.0408 4056 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:11:41.0408 4056 kbdhid - ok 10:11:41.0440 4056 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:11:41.0440 4056 KeyIso - ok 10:11:41.0486 4056 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:11:41.0486 4056 KSecDD - ok 10:11:41.0549 4056 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:11:41.0549 4056 KSecPkg - ok 10:11:41.0580 4056 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:11:41.0580 4056 ksthunk - ok 10:11:41.0627 4056 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:11:41.0627 4056 KtmRm - ok 10:11:41.0689 4056 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:11:41.0705 4056 LanmanServer - ok 10:11:41.0752 4056 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:11:41.0752 4056 LanmanWorkstation - ok 10:11:41.0783 4056 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:11:41.0783 4056 lltdio - ok 10:11:41.0814 4056 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:11:41.0814 4056 lltdsvc - ok 10:11:41.0830 4056 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:11:41.0830 4056 lmhosts - ok 10:11:41.0845 4056 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC 
C:\Windows\system32\DRIVERS\lsi_fc.sys 10:11:41.0845 4056 LSI_FC - ok 10:11:41.0876 4056 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:11:41.0876 4056 LSI_SAS - ok 10:11:41.0876 4056 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:11:41.0876 4056 LSI_SAS2 - ok 10:11:41.0908 4056 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:11:41.0908 4056 LSI_SCSI - ok 10:11:41.0923 4056 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:11:41.0923 4056 luafv - ok 10:11:41.0986 4056 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys 10:11:41.0986 4056 MarvinBus - ok 10:11:42.0032 4056 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:11:42.0048 4056 Mcx2Svc - ok 10:11:42.0064 4056 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:11:42.0064 4056 megasas - ok 10:11:42.0095 4056 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:11:42.0095 4056 MegaSR - ok 10:11:42.0110 4056 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:11:42.0126 4056 MMCSS - ok 10:11:42.0157 4056 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:11:42.0157 4056 Modem - ok 10:11:42.0173 4056 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:11:42.0173 4056 monitor - ok 10:11:42.0220 4056 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:11:42.0220 4056 mouclass - ok 10:11:42.0266 4056 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:11:42.0266 4056 mouhid - ok 10:11:42.0313 4056 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:11:42.0313 4056 mountmgr - ok 10:11:42.0376 4056 [ 
CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:11:42.0376 4056 MozillaMaintenance - ok 10:11:42.0422 4056 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:11:42.0422 4056 mpio - ok 10:11:42.0438 4056 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:11:42.0438 4056 mpsdrv - ok 10:11:42.0516 4056 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:11:42.0532 4056 MpsSvc - ok 10:11:42.0563 4056 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:11:42.0563 4056 MRxDAV - ok 10:11:42.0594 4056 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:11:42.0594 4056 mrxsmb - ok 10:11:42.0610 4056 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:11:42.0610 4056 mrxsmb10 - ok 10:11:42.0625 4056 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:11:42.0625 4056 mrxsmb20 - ok 10:11:42.0656 4056 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:11:42.0656 4056 msahci - ok 10:11:42.0734 4056 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe 10:11:42.0734 4056 MSCamSvc - ok 10:11:42.0766 4056 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:11:42.0781 4056 msdsm - ok 10:11:42.0812 4056 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:11:42.0812 4056 MSDTC - ok 10:11:42.0828 4056 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:11:42.0828 4056 Msfs - ok 10:11:42.0844 4056 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:11:42.0844 4056 mshidkmdf - ok 10:11:42.0875 4056 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv 
C:\Windows\system32\drivers\msisadrv.sys 10:11:42.0875 4056 msisadrv - ok 10:11:42.0906 4056 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:11:42.0906 4056 MSiSCSI - ok 10:11:42.0922 4056 msiserver - ok 10:11:42.0953 4056 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:11:42.0953 4056 MSKSSRV - ok 10:11:42.0953 4056 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:11:42.0953 4056 MSPCLOCK - ok 10:11:42.0968 4056 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:11:42.0968 4056 MSPQM - ok 10:11:43.0015 4056 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:11:43.0015 4056 MsRPC - ok 10:11:43.0062 4056 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:11:43.0062 4056 mssmbios - ok 10:11:43.0078 4056 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:11:43.0078 4056 MSTEE - ok 10:11:43.0093 4056 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:11:43.0093 4056 MTConfig - ok 10:11:43.0140 4056 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 10:11:43.0140 4056 MTsensor - ok 10:11:43.0156 4056 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:11:43.0156 4056 Mup - ok 10:11:43.0202 4056 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:11:43.0202 4056 napagent - ok 10:11:43.0234 4056 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:11:43.0249 4056 NativeWifiP - ok 10:11:43.0312 4056 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:11:43.0312 4056 NDIS - ok 10:11:43.0343 4056 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:11:43.0343 4056 NdisCap - ok 10:11:43.0374 4056 [ 
30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:11:43.0374 4056 NdisTapi - ok 10:11:43.0421 4056 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:11:43.0421 4056 Ndisuio - ok 10:11:43.0468 4056 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:11:43.0483 4056 NdisWan - ok 10:11:43.0514 4056 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:11:43.0514 4056 NDProxy - ok 10:11:43.0546 4056 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:11:43.0546 4056 NetBIOS - ok 10:11:43.0592 4056 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:11:43.0592 4056 NetBT - ok 10:11:43.0608 4056 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:11:43.0608 4056 Netlogon - ok 10:11:43.0655 4056 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:11:43.0670 4056 Netman - ok 10:11:43.0702 4056 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:11:43.0702 4056 netprofm - ok 10:11:43.0733 4056 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:11:43.0733 4056 NetTcpPortSharing - ok 10:11:43.0780 4056 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:11:43.0780 4056 nfrd960 - ok 10:11:43.0842 4056 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:11:43.0842 4056 NlaSvc - ok 10:11:43.0936 4056 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe 10:11:43.0951 4056 nlsX86cc - ok 10:11:44.0014 4056 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 10:11:44.0029 4056 NPF - ok 10:11:44.0029 4056 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 
10:11:44.0045 4056 Npfs - ok 10:11:44.0076 4056 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:11:44.0076 4056 nsi - ok 10:11:44.0092 4056 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:11:44.0092 4056 nsiproxy - ok 10:11:44.0170 4056 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:11:44.0201 4056 Ntfs - ok 10:11:44.0216 4056 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:11:44.0216 4056 Null - ok 10:11:44.0248 4056 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:11:44.0248 4056 nvraid - ok 10:11:44.0294 4056 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:11:44.0294 4056 nvstor - ok 10:11:44.0357 4056 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:11:44.0357 4056 nv_agp - ok 10:11:44.0372 4056 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:11:44.0372 4056 ohci1394 - ok 10:11:44.0419 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:11:44.0435 4056 p2pimsvc - ok 10:11:44.0466 4056 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:11:44.0466 4056 p2psvc - ok 10:11:44.0497 4056 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:11:44.0497 4056 Parport - ok 10:11:44.0544 4056 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:11:44.0544 4056 partmgr - ok 10:11:44.0575 4056 [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64 C:\Windows\system32\Drivers\PCAMp50a64.sys 10:11:44.0575 4056 PCAMp50a64 - ok 10:11:44.0606 4056 [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64 C:\Windows\system32\Drivers\PCASp50a64.sys 10:11:44.0606 4056 PCASp50a64 - ok 10:11:44.0653 4056 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 
10:11:44.0669 4056 PcaSvc - ok 10:11:44.0716 4056 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:11:44.0716 4056 pci - ok 10:11:44.0731 4056 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:11:44.0731 4056 pciide - ok 10:11:44.0762 4056 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:11:44.0762 4056 pcmcia - ok 10:11:44.0778 4056 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:11:44.0778 4056 pcw - ok 10:11:44.0794 4056 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:11:44.0794 4056 PEAUTH - ok 10:11:44.0825 4056 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:11:44.0840 4056 PerfHost - ok 10:11:44.0903 4056 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:11:44.0918 4056 pla - ok 10:11:44.0981 4056 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:11:44.0996 4056 PlugPlay - ok 10:11:45.0028 4056 PnkBstrA - ok 10:11:45.0043 4056 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:11:45.0043 4056 PNRPAutoReg - ok 10:11:45.0059 4056 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:11:45.0059 4056 PNRPsvc - ok 10:11:45.0090 4056 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:11:45.0106 4056 PolicyAgent - ok 10:11:45.0121 4056 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:11:45.0137 4056 Power - ok 10:11:45.0168 4056 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:11:45.0168 4056 PptpMiniport - ok 10:11:45.0199 4056 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:11:45.0199 4056 Processor - ok 10:11:45.0246 4056 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 
10:11:45.0246 4056 ProfSvc - ok 10:11:45.0262 4056 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:11:45.0262 4056 ProtectedStorage - ok 10:11:45.0308 4056 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:11:45.0308 4056 Psched - ok 10:11:45.0355 4056 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 10:11:45.0355 4056 PxHlpa64 - ok 10:11:45.0402 4056 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:11:45.0418 4056 ql2300 - ok 10:11:45.0433 4056 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:11:45.0433 4056 ql40xx - ok 10:11:45.0464 4056 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:11:45.0480 4056 QWAVE - ok 10:11:45.0496 4056 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:11:45.0496 4056 QWAVEdrv - ok 10:11:45.0511 4056 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:11:45.0511 4056 RasAcd - ok 10:11:45.0527 4056 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:11:45.0527 4056 RasAgileVpn - ok 10:11:45.0542 4056 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:11:45.0542 4056 RasAuto - ok 10:11:45.0589 4056 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:11:45.0589 4056 Rasl2tp - ok 10:11:45.0636 4056 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:11:45.0636 4056 RasMan - ok 10:11:45.0667 4056 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:11:45.0667 4056 RasPppoe - ok 10:11:45.0683 4056 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:11:45.0683 4056 RasSstp - ok 10:11:45.0698 4056 [ 77F665941019A1594D887A74F301FA2F ] rdbss 
C:\Windows\system32\DRIVERS\rdbss.sys 10:11:45.0698 4056 rdbss - ok 10:11:45.0714 4056 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:11:45.0714 4056 rdpbus - ok 10:11:45.0730 4056 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:11:45.0730 4056 RDPCDD - ok 10:11:45.0745 4056 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:11:45.0745 4056 RDPENCDD - ok 10:11:45.0761 4056 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:11:45.0761 4056 RDPREFMP - ok 10:11:45.0808 4056 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:11:45.0808 4056 RDPWD - ok 10:11:45.0870 4056 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:11:45.0870 4056 rdyboost - ok 10:11:45.0886 4056 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:11:45.0886 4056 RemoteAccess - ok 10:11:45.0917 4056 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:11:45.0932 4056 RemoteRegistry - ok 10:11:45.0995 4056 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 10:11:45.0995 4056 rpcapd - ok 10:11:46.0010 4056 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:11:46.0010 4056 RpcEptMapper - ok 10:11:46.0042 4056 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:11:46.0042 4056 RpcLocator - ok 10:11:46.0104 4056 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:11:46.0120 4056 RpcSs - ok 10:11:46.0135 4056 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:11:46.0151 4056 rspndr - ok 10:11:46.0182 4056 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 10:11:46.0182 4056 RTL8167 - ok 10:11:46.0229 4056 [ 
476BAA3EEBE9DB94BF6BDFAF46747E5D ] SaiK0728 C:\Windows\system32\DRIVERS\SaiK0728.sys 10:11:46.0229 4056 SaiK0728 - ok 10:11:46.0244 4056 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:11:46.0244 4056 SamSs - ok 10:11:46.0291 4056 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:11:46.0291 4056 sbp2port - ok 10:11:46.0322 4056 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:11:46.0338 4056 SCardSvr - ok 10:11:46.0369 4056 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:11:46.0369 4056 scfilter - ok 10:11:46.0447 4056 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:11:46.0463 4056 Schedule - ok 10:11:46.0494 4056 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:11:46.0494 4056 SCPolicySvc - ok 10:11:46.0541 4056 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:11:46.0541 4056 SDRSVC - ok 10:11:46.0572 4056 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:11:46.0572 4056 secdrv - ok 10:11:46.0572 4056 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:11:46.0572 4056 seclogon - ok 10:11:46.0619 4056 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:11:46.0619 4056 SENS - ok 10:11:46.0634 4056 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:11:46.0634 4056 SensrSvc - ok 10:11:46.0666 4056 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:11:46.0666 4056 Serenum - ok 10:11:46.0697 4056 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:11:46.0697 4056 Serial - ok 10:11:46.0744 4056 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:11:46.0744 4056 sermouse - ok 10:11:46.0806 4056 [ 
0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:11:46.0806 4056 SessionEnv - ok 10:11:46.0837 4056 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:11:46.0837 4056 sffdisk - ok 10:11:46.0837 4056 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:11:46.0837 4056 sffp_mmc - ok 10:11:46.0853 4056 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:11:46.0853 4056 sffp_sd - ok 10:11:46.0884 4056 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:11:46.0884 4056 sfloppy - ok 10:11:46.0915 4056 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:11:46.0915 4056 SharedAccess - ok 10:11:46.0931 4056 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:11:46.0946 4056 ShellHWDetection - ok 10:11:46.0946 4056 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:11:46.0946 4056 SiSRaid2 - ok 10:11:46.0962 4056 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:11:46.0962 4056 SiSRaid4 - ok 10:11:47.0149 4056 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 10:11:47.0180 4056 Skype C2C Service - ok 10:11:47.0227 4056 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:11:47.0227 4056 SkypeUpdate - ok 10:11:47.0258 4056 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:11:47.0274 4056 Smb - ok 10:11:47.0321 4056 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:11:47.0321 4056 SNMPTRAP - ok 10:11:47.0352 4056 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:11:47.0352 4056 spldr - ok 10:11:47.0414 4056 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] 
10:11:52.0157 4056 Scan finished 10:11:52.0157 4056 ============================================================ 10:11:52.0172 0128 Detected object count: 0 10:11:52.0172 0128 Actual detected object count: 0 10:12:14.0265 4276 Deinitialize success Tobias |
11.10.2012, 09:28 | #4 | |
/// Malwareteam | Desktop icons can no longer be arranged Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
11.10.2012, 14:44 | #5 |
| Desktop icons can no longer be arranged Thanks for your quick reply! Attached is the ComboFix.txt: Code:
ATTFilter ComboFix 12-10-11.01 - Tobi 11.10.2012 10:53:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12286.9732 [GMT 2:00] ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-11 bis 2012-10-11 )))))))))))))))))))))))))))))) . . 2012-10-11 08:58 . 2012-10-11 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-10 20:05 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-10 19:58 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2798AC56-00DA-4F47-8AA3-A06454611F34}\mpengine.dll 2012-09-25 18:09 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\users\Tobi\AppData\Local\Nik Software 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\programdata\Nik Software 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\program files\Nik Software 2012-09-13 22:40 . 2012-09-13 22:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-13 22:39 . 2012-09-13 22:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-13 22:38 . 2012-09-13 22:37 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-13 22:38 . 2012-09-13 22:37 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-13 22:38 . 2012-09-13 22:37 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-13 22:37 . 2012-09-13 22:37 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-13 22:37 . 
2012-09-13 22:37 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-13 22:37 . 2012-09-13 22:37 188904 ----a-w- c:\windows\system32\java.exe 2012-09-13 22:37 . 2012-09-13 22:37 -------- d-----w- c:\program files\Java 2012-09-11 19:38 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 19:38 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-11 19:38 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 19:38 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 19:38 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 19:38 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 19:38 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-11 01:01 . 2011-12-30 13:42 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-13 22:39 . 2012-08-15 21:02 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-13 22:39 . 2011-12-29 14:55 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-13 22:09 . 2012-04-11 09:09 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-13 22:09 . 2011-12-25 03:41 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-22 21:18 . 2012-07-09 16:31 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-20 17:38 . 2012-10-10 20:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll 2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll 2012-07-28 02:50 . 
2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-07-28 02:15 . 2011-09-08 17:34 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-07-28 02:13 . 2011-09-08 17:32 1100288 ----a-w- c:\windows\system32\aticfx64.dll 2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe 2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-07-28 02:07 . 2011-12-06 03:06 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-07-28 01:51 . 2011-09-08 17:16 7052288 ----a-w- c:\windows\system32\atidxx64.dll 2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll 2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll 2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll 2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll 2012-07-28 01:15 . 
2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-07-28 01:13 . 2011-09-08 16:52 129536 ----a-w- c:\windows\system32\atiuxp64.dll 2012-07-28 01:13 . 2011-12-06 02:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-07-27 20:47 . 2012-07-27 20:47 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-07-27 20:47 . 2012-07-27 20:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-07-27 20:47 . 2012-07-27 20:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-07-27 20:46 . 2012-07-27 20:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll 2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-07-18 18:15 . 
2012-08-15 10:26 3148800 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224] . c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-1 1748992] NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1736704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . 
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x] R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x] R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144] R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328] R3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 250568] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472] S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S3 ALSysIO;ALSysIO;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card 
Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-27 783360] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 82755613 *NewlyCreated* - ALSYSIO *NewlyCreated* - ASWMBR *Deregistered* - 82755613 *Deregistered* - aswMBR . Inhalt des "geplante Tasks" Ordners . 2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.de FF - prefs.js: network.proxy.http - 50.17.81.254 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:0d,0c,f3,6c,29,6a,b0,fd,d8,cf,a8,82,ed,f7,46,33,1e,d2,51,29,5c,90,bb, 75,83,67,04,c1,55,e3,3d,19,66,df,62,a3,ee,f5,ca,e2,55,f4,3a,ac,6c,b7,cf,23,\ "??"=hex:8a,11,f2,63,89,99,0f,2d,03,e1,58,2e,af,13,60,78 . 
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\License information*] "datasecu"=hex:4e,b4,7e,ce,a5,9a,40,84,6d,4e,2b,92,1c,39,64,72,48,8c,53,7e,fb, fa,90,f7,f2,21,72,27,e7,f1,39,7f,68,69,ee,04,92,6c,07,c6,89,23,b6,07,42,4f,\ "rkeysecu"=hex:ab,44,c7,05,e4,ae,8f,df,09,71,f6,df,a9,ef,a3,a1 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-10-11 11:00:32 ComboFix-quarantined-files.txt 2012-10-11 09:00 . Vor Suchlauf: 11 Verzeichnis(se), 21.468.246.016 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 22.793.994.240 Bytes frei . - - End Of File - - 6A7827FFE63F3C2F7C70B6534937ADEF |
11.10.2012, 15:05 | #6 |
/// Malwareteam | Desktop icons can no longer be arranged
Step 1: CF-Script
Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)!
Press Windows + R --> Notepad (type it in) --> OK
Now copy the entire text from the following code box into the empty text document.
Code:
FOLDER::
C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}
C:\Users\Tobi\AppData\Roaming\Omvoi
C:\Users\Tobi\AppData\Roaming\Osfuu

ADS::
C:\Users\Tobi\AppData\Local\Temp

REGISTRY::
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
""="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

CLEARJAVACACHE::

Important:
Step 2: MBAM Please download Malwarebytes
11.10.2012, 15:30 | #7 |
| Desktop icons can no longer be arranged ComboFix: Code:
ATTFilter ComboFix 12-10-11.03 - Tobi 11.10.2012 16:18:34.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12286.10094 [GMT 2:00] ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Tobi\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Temp: deleted 1161 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db} c:\users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\@ c:\users\Tobi\AppData\Roaming\Omvoi c:\users\Tobi\AppData\Roaming\Osfuu c:\users\Tobi\AppData\Roaming\Osfuu\resym.zik . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-11 bis 2012-10-11 )))))))))))))))))))))))))))))) . . 2012-10-11 14:21 . 2012-10-11 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-10 20:05 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-10 19:58 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2798AC56-00DA-4F47-8AA3-A06454611F34}\mpengine.dll 2012-09-25 18:09 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\users\Tobi\AppData\Local\Nik Software 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\programdata\Nik Software 2012-09-20 07:25 . 2012-09-20 07:25 -------- d-----w- c:\program files\Nik Software 2012-09-13 22:40 . 2012-09-13 22:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-13 22:39 . 2012-09-13 22:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-13 22:38 . 
2012-09-13 22:37 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-13 22:38 . 2012-09-13 22:37 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-13 22:38 . 2012-09-13 22:37 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-13 22:37 . 2012-09-13 22:37 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-13 22:37 . 2012-09-13 22:37 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-13 22:37 . 2012-09-13 22:37 188904 ----a-w- c:\windows\system32\java.exe 2012-09-13 22:37 . 2012-09-13 22:37 -------- d-----w- c:\program files\Java 2012-09-11 19:38 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 19:38 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-11 19:38 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 19:38 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 19:38 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 19:38 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 19:38 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-11 01:01 . 2011-12-30 13:42 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-13 22:39 . 2012-08-15 21:02 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-13 22:39 . 2011-12-29 14:55 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-13 22:09 . 2012-04-11 09:09 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-13 22:09 . 2011-12-25 03:41 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-22 21:18 . 2012-07-09 16:31 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-20 17:38 . 2012-10-10 20:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-07-28 04:09 . 
2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll 2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll 2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-07-28 02:15 . 2011-09-08 17:34 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-07-28 02:13 . 2011-09-08 17:32 1100288 ----a-w- c:\windows\system32\aticfx64.dll 2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe 2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-07-28 02:07 . 2011-12-06 03:06 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-07-28 01:51 . 2011-09-08 17:16 7052288 ----a-w- c:\windows\system32\atidxx64.dll 2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll 2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll 2012-07-28 01:32 . 
2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll 2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-07-28 01:13 . 2011-09-08 16:52 129536 ----a-w- c:\windows\system32\atiuxp64.dll 2012-07-28 01:13 . 2011-12-06 02:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-07-27 20:47 . 2012-07-27 20:47 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-07-27 20:47 . 2012-07-27 20:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-07-27 20:47 . 
2012-07-27 20:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-07-27 20:46 . 2012-07-27 20:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll 2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-07-18 18:15 . 2012-08-15 10:26 3148800 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224] . c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-1 1748992] NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1736704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . 
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x] R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x] R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144] R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328] R3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 250568] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472] S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S3 ALSysIO;ALSysIO;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card 
Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-27 783360] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 82755613 *NewlyCreated* - ALSYSIO *NewlyCreated* - ASWMBR *Deregistered* - 82755613 *Deregistered* - aswMBR . Inhalt des "geplante Tasks" Ordners . 2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.de FF - prefs.js: network.proxy.http - 50.17.81.254 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:0d,0c,f3,6c,29,6a,b0,fd,d8,cf,a8,82,ed,f7,46,33,1e,d2,51,29,5c,90,bb, 75,83,67,04,c1,55,e3,3d,19,66,df,62,a3,ee,f5,ca,e2,55,f4,3a,ac,6c,b7,cf,23,\ "??"=hex:8a,11,f2,63,89,99,0f,2d,03,e1,58,2e,af,13,60,78 . 
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\License information*] "datasecu"=hex:4e,b4,7e,ce,a5,9a,40,84,6d,4e,2b,92,1c,39,64,72,48,8c,53,7e,fb, fa,90,f7,f2,21,72,27,e7,f1,39,7f,68,69,ee,04,92,6c,07,c6,89,23,b6,07,42,4f,\ "rkeysecu"=hex:ab,44,c7,05,e4,ae,8f,df,09,71,f6,df,a9,ef,a3,a1 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-10-11 16:22:39 ComboFix-quarantined-files.txt 2012-10-11 14:22 ComboFix2.txt 2012-10-11 09:00 . Vor Suchlauf: 14 Verzeichnis(se), 22.774.992.896 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 22.709.829.632 Bytes frei . - - End Of File - - 8753950032070A5B184CFF6E2764BFCD Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.11.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobi :: TOBI-PC [Administrator]
11.10.2012 16:25:45
mbam-log-2012-10-11 (16-25-45).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203675
Laufzeit: 4 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Tobi\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

The icons are where they were before the restart. Just as it should be! - super! |
12.10.2012, 06:24 | #8 | |
/// Malwareteam | Desktop icons can no longer be arranged Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
12.10.2012, 08:51 | #9 |
| Desktop icons can no longer be arranged Thank you very much for your help! No, I occasionally use the add-on "anonymox" or "stealthy" - could that have something to do with it? |
12.10.2012, 09:12 | #10 |
/// Malwareteam | Desktop icons can no longer be arranged Yes, it can! Looks pretty good - let's check everything once more!
Step 1: MBAM full scan Please download Malwarebytes
Step 2: ESET ESET Online Scanner
14.10.2012, 17:55 | #11 |
| Desktop icons can no longer be arranged All right Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.12.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobi :: TOBI-PC [Administrator]
12.10.2012 20:48:40
mbam-log-2012-10-12 (20-48-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 667188
Laufzeit: 2 Stunde(n), 49 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

ESET.txt:
Code:
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\user.js JS/SecurityDisabler.A.Gen application
E:\TOBI-PC\Backup Set 2012-02-07 194251\Backup Files 2012-02-07 194251\Backup files 12.zip a variant of Win32/SweetIM.B application
F:\Software\NIK-SOFTWARE-SILVER-EFEX- PRO-V2.0.0.0\SilverEfexPro2-pl-ver2.000all.exe NSIS/TrojanDownloader.Agent.NKF trojan |
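Added example (not part of the thread, and not code from ComboFix or ESET): the ComboFix log above lists Firefox preferences read from `prefs.js` and `user.js`, and ESET then reports that `user.js`. The sketch below parses those `FF -` log lines and flags warnings switched off through `user.js` as well as stored proxy settings; the function names and severity labels are this example's own assumptions.

```python
import re

# Sample input: the Firefox entries of the ComboFix log in this thread,
# reflowed to one entry per line, plus one unrelated line the parser must skip.
SAMPLE_LOG = """\
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.http - 50.17.81.254
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

# "FF - <file>: <preference> - <value>"
FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")

# Meaning of network.proxy.type in Firefox.
PROXY_MODES = {
    "0": "no proxy",
    "1": "manual proxy",
    "2": "proxy auto-config URL",
    "4": "auto-detect",
    "5": "system proxy settings",
}


def parse_ff_prefs(log_text):
    """Return {source_file: {pref_name: value}} for every FF preference line."""
    prefs = {}
    for line in log_text.splitlines():
        match = FF_LINE.match(line.strip())
        if match:
            source, name, value = match.groups()
            prefs.setdefault(source, {})[name] = value.strip()
    return prefs


def review(prefs):
    """Return (severity, pref_name, note) tuples for settings worth a second look."""
    findings = []
    user_js = prefs.get("user.js", {})

    # Firefox re-applies user.js at every start, so a warning switched off
    # there is switched off again even after the user re-enables it.
    for name in sorted(user_js):
        if name.startswith("security.warn_") and user_js[name] == "false":
            findings.append(("high", name, "warning disabled on every start via user.js"))

    # user.js values override prefs.js values.
    effective = {**prefs.get("prefs.js", {}), **user_js}
    host = effective.get("network.proxy.http")
    if host:
        port = effective.get("network.proxy.http_port", "?")
        mode = effective.get("network.proxy.type")
        if mode == "1":
            findings.append(("high", "network.proxy.http",
                             f"HTTP traffic is routed through {host}:{port}"))
        elif mode is None:
            findings.append(("check", "network.proxy.http",
                             f"{host}:{port} stored, proxy mode not in the log"))
        else:
            label = PROXY_MODES.get(mode, "unknown mode " + mode)
            findings.append(("info", "network.proxy.http",
                             f"{host}:{port} stored but not in use ({label})"))
    return findings


if __name__ == "__main__":
    for severity, name, note in review(parse_ff_prefs(SAMPLE_LOG)):
        print(f"[{severity}] {name}: {note}")
```

On this log the proxy host is reported as stored but not in use, because `network.proxy.type` is 0; the four `security.warn_*` overrides in `user.js` are the entries reported as high.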
15.10.2012, 07:03 | #12 |
/// Malwareteam | Desktop icons can no longer be arranged Fix with OTL
Code:
:files
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\user.js
E:\TOBI-PC\Backup Set 2012-02-07 194251\Backup Files 2012-02-07 194251\Backup files 12.zip
F:\Software\NIK-SOFTWARE-SILVER-EFEX- PRO-V2.0.0.0\SilverEfexPro2-pl-ver2.000all.exe
[emptytemp]
Ansonsten sind wir durch! Schritt 1: Mozilla Firefox update Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
Schritt 2: VLC-Player update Dein VLC-Player ist veraltet. Um ihn zu aktualisieren, gehe bitte wie folgt vor:
Schritt 3: Mozilla Thunderbird update Dein Thunderbird-Mailclient ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
Defogger re-enable Starte bitte den Defogger und klicke den re-enable Button ComboFix Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. OTL Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. ComboFix
Here are a few more tips for securing your system.
Keeping up to date
I cannot mention often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
15.10.2012, 23:32 | #13 |
| Desktop icons can no longer be arranged Hello Marius, thank you very, very much for your help. The computer is running the way it should again. I have now worked through your whole list and noticed that during the "cleanup" it also deleted OTL's txt file. I hope that is not a serious problem? -> In any case, the data found back then can no longer be found. |
16.10.2012, 07:11 | #14 |
/// Malwareteam | Desktop icons can no longer be arranged That is all fine!
17.10.2012, 07:51 | #15 |
/// Malwareteam | Desktop icons can no longer be arranged Glad we could help! This topic appears to be resolved and has been removed from my subscriptions. If you need the topic again, please send me a PM. Everyone else, please click here and create your own topic!