
Pests of all kinds and how to fight them: Desktop icons can no longer be arranged


11.10.2012, 01:03   #1
TT262
 

Hello Trojaner-Board,

For a few weeks now I have had the problem that my desktop icons realign to the grid after every shutdown - this makes it impossible to keep the desktop organized.

In addition, the computer runs slower than I think it should given its hardware.

Also, the "Adobe Flashplayer" pops up more often than normal (at least it seems that way to me). - I don't quite trust it ...

However, while searching the Internet for a solution I came across similar symptoms. Unfortunately, none of my attempts so far to get the problem under control have had any effect.

I have now run defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:22 on 11/10/2012 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
Afterwards, OTL:
Code:
OTL logfile created on: 11.10.2012 01:28:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,43 Gb Available Physical Memory | 78,62% Memory free
23,99 Gb Paging File | 21,42 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 21,54 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 43,53 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 107,35 Gb Free Space | 23,05% Space Free | Partition Type: FAT32
Drive K: | 7,39 Gb Total Space | 7,07 Gb Free Space | 95,62% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 01:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 23:55:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.08 21:37:55 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 14:22:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 14:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 13:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 13:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.09.14 12:05:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009.10.01 14:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008.12.10 17:03:44 | 001,736,704 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.27 22:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.14 00:09:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 12:50:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.08 21:37:55 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.10 21:21:48 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2012.05.08 14:22:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 14:22:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.19 23:56:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.08 14:22:22 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 14:22:22 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010.04.27 22:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.01.21 10:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2006.11.28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012.05.10 21:20:14 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.2.0)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 0A C5 C1 95 33 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.93.0
FF - prefs.js..extensions.enabledAddons: client@anonymox.net:0.9.9
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..network.proxy.http: "50.17.81.254"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.06 16:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 12:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.12 21:28:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 12:50:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.23 18:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.10.10 01:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions
[2012.10.06 16:44:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.18 20:44:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.17 15:48:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.10.03 00:38:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\twpqihzq.default\extensions\foxmarks@kei.com
[2012.07.08 19:22:04 | 000,363,041 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\client@anonymox.net.xpi
[2012.10.10 01:34:47 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\firebug@software.joehewitt.com.xpi
[2012.07.28 12:26:04 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\stealthyextension@gmail.com.xpi
[2012.03.29 10:59:14 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.08.23 21:21:00 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.26 18:43:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\twpqihzq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.14 00:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 12:50:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 12:50:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 09:23:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 12:10:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 09:23:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 09:23:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 09:23:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 09:23:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SaitekInstall] C:\Windows\temp\Saitek\Saitek_Cyborg_Keyboard_SD6_64_Drivers\00000011\setup.exe (Saitek)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31907D42-3897-4D5E-BED3-BCD19D86F370}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF4E0CB-2C46-4B65-A1FD-E290529BBAAE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e911b645-7ce0-11e1-80d4-5404a610285e}\Shell - "" = AutoRun
O33 - MountPoints2\{e911b645-7ce0-11e1-80d4-5404a610285e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fa94e2ec-2d5c-11e1-8c7c-5404a610285e}\Shell - "" = AutoRun
O33 - MountPoints2\{fa94e2ec-2d5c-11e1-8c7c-5404a610285e}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 01:27:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.10.11 01:20:45 | 000,000,000 | R--D | C] -- C:\Users\Tobi\Desktop\Desktop
[2012.10.03 18:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.09.20 09:25:57 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Nik Software
[2012.09.20 09:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2012.09.20 09:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012.09.14 00:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.14 00:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 01:28:02 | 000,000,086 | ---- | M] () -- C:\Users\Tobi\Desktop\Trojaner-Board - Neues Thema erstellen.URL
[2012.10.11 01:27:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.10.11 01:22:36 | 000,000,000 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2012.10.11 01:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 01:20:36 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.10.10 21:59:53 | 000,022,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 21:59:53 | 000,022,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 21:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 21:48:32 | 1072,259,070 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 04:19:08 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 04:19:08 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 04:19:08 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 04:19:08 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 04:19:08 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.06 16:31:53 | 009,747,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.16 21:44:25 | 000,001,456 | ---- | M] () -- C:\Users\Tobi\AppData\Local\Adobe Für Web speichern 12.0 Prefs
 
========== Files Created - No Company Name ==========
 
[2012.10.11 01:28:02 | 000,000,086 | ---- | C] () -- C:\Users\Tobi\Desktop\Trojaner-Board - Neues Thema erstellen.URL
[2012.10.11 01:22:36 | 000,000,000 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2012.10.11 01:20:35 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.09.14 01:00:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.25 02:28:08 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.07.09 18:31:44 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.08 21:37:56 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.18 10:12:37 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.05.20 00:06:02 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat
[2012.05.20 00:04:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe
[2012.04.25 00:24:05 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012.04.18 15:47:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.19 20:01:18 | 000,016,896 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.07 20:42:12 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.02.07 20:42:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.02.05 03:43:16 | 000,001,456 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.01.30 00:34:35 | 000,000,132 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.04 02:02:18 | 000,001,197 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\gd.db
[2012.01.04 02:02:17 | 000,000,254 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\groovedown.settings
[2011.12.22 13:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.22 13:04:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.22 13:04:16 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.22 13:00:55 | 000,044,674 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.22 12:59:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.22 12:59:45 | 000,034,198 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.22 18:31:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.25 06:08:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Canneverbe Limited
[2012.04.07 15:41:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.19 05:05:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.05.20 00:02:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite
[2012.04.25 00:24:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DonationCoder
[2012.10.10 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dropbox
[2012.02.19 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DVDVideoSoft
[2012.02.19 19:34:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 00:54:28 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Groovedown
[2012.07.15 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Imagenomic
[2012.04.26 00:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ImTOO
[2012.01.04 02:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\lang
[2012.07.11 03:10:56 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Omvoi
[2011.12.29 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\OpenOffice.org
[2012.07.09 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Osfuu
[2012.04.16 04:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 22:06:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Publish Providers
[2012.06.19 22:43:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Sony
[2012.03.26 03:05:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.04 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TeamViewer
[2011.12.25 04:54:40 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Thunderbird
[2012.07.11 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Tumos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1161 bytes -> C:\Users\Tobi\AppData\Local\Temp:scsZcEmaPZzMpIKz1jyc0DRw

< End of report >
         
Code:
OTL Extras logfile created on: 11.10.2012 01:28:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,43 Gb Available Physical Memory | 78,62% Memory free
23,99 Gb Paging File | 21,42 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 21,54 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 43,53 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 107,35 Gb Free Space | 23,05% Space Free | Partition Type: FAT32
Drive K: | 7,39 Gb Total Space | 7,07 Gb Free Space | 95,62% Space Free | Partition Type: FAT32
 
Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1089C6D7-5357-4B1A-A7A9-C7A090285683}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1582AAF0-01EC-45BC-93FB-83A2915E8A48}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C86C4F5-7643-4328-A49D-79FCF2E95275}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28081D07-6C02-4BF4-82C9-40412D125E37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E053FCE-137E-4A73-9D9A-697E8D5EB1D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36B0E66C-6854-434C-B98F-B2888A9A6283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3CF78210-7676-4C2E-BFFA-F42103325226}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3E23D4EE-555E-40CA-B210-2A38613ECCCE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{465C3BDC-A5E6-4C4B-BEE7-2D0F09CF00E2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{477997FC-B4C0-4B54-A39C-D42D0BF09185}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62B2CEFE-CDFF-465E-82AB-FD490528E506}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B07163F-D95B-4216-B18C-73B64421D356}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C268A15-A224-4195-9C0B-5A3466D4E6D9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{83C43FAA-1A79-4DD3-B7DE-051235B43BFF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{83C95608-AE39-4D9D-8AFA-80FB0E139C8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1C18AA7-6E56-481A-B398-E193C16AC50F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A794480A-2BD4-480B-AC40-086F96D30CBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8E46CFD-77ED-40AC-9AEF-6C07A25E5A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5665CC4-34B3-43DE-A0B2-14A1556E3171}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DAFA365F-7FFA-4B25-A750-2FFB33D9F381}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFA1900C-0418-4D29-BD90-881D2E9314FF}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0889C194-60EB-4D6F-8D73-C77D9E0E50DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CEA7AA6-E0D6-4044-B4A0-085C33229906}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D97FECD-EAE6-46A2-8163-83BB578AEB8B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | 
"{0DD7188C-5F9C-452A-9CE3-ADE7AD0BAE72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{101A5C4F-B2FC-4BD0-834A-B8449EEE9252}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1289783A-F882-4C5A-93EB-5A9754C3495A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{236AE738-0FDB-4BDE-BC45-AC30FCA15C2B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{2733DA83-4E9B-494D-B8F0-5FA1BC88587D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DF8F9DF-2308-4F6C-A9C9-20EBAB53E7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | 
"{2E7507F9-9282-4DCC-888F-5CE64EA4467E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EEE21AC-937A-4A4B-B82B-DFCCB4657FD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{36A9EE42-26E0-4E92-BD9A-6C79FFDC0B96}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{3C21719D-CCD6-4C0F-9E43-167F5BA920C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{5299B5F5-34F8-4547-A1B2-395D9FDF079F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{53706A20-9C5A-417B-8FBB-21235ED73AB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C38B9FF-BC56-4079-856D-CFD1223BCB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{6251C5D1-894E-4EC8-80F3-6EB9BD18C4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{630C7A92-8018-4890-9C42-6C8BF098043B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | 
"{6509C86F-8611-401A-8A06-AC7202EFA9CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{65DB8360-330A-4A89-B788-BE01A1B5F3FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B08003B-B081-423B-AC26-F55E15BF5C42}" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71A83019-CE57-4DB4-807A-1E05C674CDFD}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | 
"{7235DBEF-B1FC-4027-A632-B254FF31AD48}" = protocol=6 | dir=out | app=system | 
"{725303B1-6C32-4FDA-8ED4-F4798943DF11}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{7522271D-B6C6-4A12-B99C-A9F361086390}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77D451A4-5A14-4FF1-9F68-D7110602B064}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BBD531D-A9B2-4A21-8A32-83C9A93F45A5}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | 
"{816C19E7-5703-478C-8222-F3D7B62A568D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{8BF3C074-15F0-4818-BC5D-75857C04C518}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98E0946A-0860-4679-8484-A9CDC097AACB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | 
"{98FB51D6-4117-4447-84E8-6220330B238C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9A6D6D67-AC8C-4C6D-BF55-75023A925F50}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A2108B5D-7D32-4157-8448-9B737FB2DFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{A2648710-754D-47CF-9270-60D86899B2A6}" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A4BCD778-BF6E-4BF6-9928-EDCB4829DE81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B22A92CC-E34E-4EC3-B763-36C798B7E8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{BD8DA715-F15B-4AB1-87B0-D0FC35D0E803}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{C5FD1808-9E9C-4632-9D72-3768CF45F637}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{CE2CC7FA-933E-4602-8957-62B9B837990E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{D9652749-80DE-481D-A918-4CC74EE4CD32}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{DB7FE8F6-B501-4A80-B7F1-0F67935299CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E00E5F60-C301-4019-91A4-83F05CA0889C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{E7769166-D459-4359-BD8C-0677F1F40017}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC2F9E0C-2399-4918-91C5-410DDA5910EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EF74A67C-EEA0-49CA-AEE9-BEA4A8EB62A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{FD6EA234-FC88-4C15-9483-1F091E2F4176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{269CAFAF-932D-4452-9DE8-FC868FD76A0E}F:\ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=f:\ftp\ws_ftp95.exe | 
"TCP Query User{3F653513-39A2-4CAF-AA14-AABFA645835B}G:\poptb.exe" = protocol=6 | dir=in | app=g:\poptb.exe | 
"TCP Query User{47AC9755-9EB6-4A9D-8C0C-36CD63221135}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{98E9121A-46C0-466E-B867-94737A560E22}C:\users\tobi\appdata\roaming\tumos\myedo.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\tumos\myedo.exe | 
"TCP Query User{ACD54B24-3059-4919-9FDD-78CB0E293F92}C:\program files (x86)\bullfrog\populous\poptb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bullfrog\populous\poptb.exe | 
"TCP Query User{B40B79A3-B207-4BB4-ABC4-90E7CC1065A5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D5126845-3229-44B5-942D-BFC8B9AC89CD}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{100BE0C3-4881-4726-B43D-E7E09D354569}C:\program files (x86)\bullfrog\populous\poptb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bullfrog\populous\poptb.exe | 
"UDP Query User{3E16965B-99B1-4470-AF3B-5B81C34C8E0A}F:\ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=f:\ftp\ws_ftp95.exe | 
"UDP Query User{4633AE55-EC52-4AC1-9046-C2DB6B2688E2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{52517730-ECB2-49ED-BBF0-0FDF1C71E278}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{54E9269B-FC4E-4DCF-99A4-CF392DD76E7E}G:\poptb.exe" = protocol=17 | dir=in | app=g:\poptb.exe | 
"UDP Query User{AADEC68D-1C4A-4A9E-A183-B42CABD30F08}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{B727D93F-12F8-43CB-A430-D6FC71BD2FDA}C:\users\tobi\appdata\roaming\tumos\myedo.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\tumos\myedo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{BC915A04-93BD-A74E-F90D-4BC84D88F087}" = AMD AVIVO64 Codecs
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA9C4D2-67B3-4518-EC70-865A7EFD40FD}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FFC7D9-3D8F-D20B-502E-587CEBD8AF3A}" = HydraVision
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1FAB12-F426-432E-8579-75CAB60C69CF}" = AMD OverDrive
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E41C2A-3A29-476D-9685-3F8055AF696A}" = Adobe Creative Suite 5.5 Production Premium
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"ImTOO SWF Converter 6" = ImTOO SWF Converter 6
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Populous: The Beginning" = Populous: The Beginning
"RocketDock_is1" = RocketDock 1.3.5
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 19:38:15 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AdobeQTServer.exe, Version: 12.0.0.1,
 Zeitstempel: 0x4d90cd87  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5722aa99
ID
 des fehlerhaften Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung: 0x01cda34e99b4cdc3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Required\AdobeQTServer.exe
Pfad
 des fehlerhaften Moduls: QuickTime.qts  Berichtskennung: bb88c1a3-0f45-11e2-b648-5404a610285e
 
Error - 05.10.2012 19:39:14 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1126,
 Zeitstempel: 0x50134a19  Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1126,
 Zeitstempel: 0x50134a19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001a7bd
ID
 des fehlerhaften Prozesses: 0x4fc  Startzeit der fehlerhaften Anwendung: 0x01cda0ed2e868057
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\atieclxx.exe  Berichtskennung: deb09d66-0f45-11e2-b648-5404a610285e
 
Error - 06.10.2012 19:20:24 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AdobeQTServer.exe, Version: 12.0.0.1,
 Zeitstempel: 0x4d90cd87  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6974aa99
ID
 des fehlerhaften Prozesses: 0xfc0  Startzeit der fehlerhaften Anwendung: 0x01cda3d00862bcc3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Required\AdobeQTServer.exe
Pfad
 des fehlerhaften Moduls: QuickTime.qts  Berichtskennung: 67759cae-100c-11e2-87f5-5404a610285e
 
Error - 06.10.2012 19:20:48 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x7cc  Startzeit der fehlerhaften Anwendung: 0x01cda3cf5be772bb
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 75984043-100c-11e2-87f5-5404a610285e
 
Error - 07.10.2012 16:15:18 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Bridge.exe, Version: 4.1.0.54, Zeitstempel:
 0x4d6f26b3  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x55edaa99  ID des fehlerhaften
 Prozesses: 0x1684  Startzeit der fehlerhaften Anwendung: 0x01cda4c871c83ec1  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
Pfad
 des fehlerhaften Moduls: QuickTime.qts  Berichtskennung: b610d710-10bb-11e2-86d6-5404a610285e
 
Error - 09.10.2012 03:52:04 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe QT32 Server.exe, Version: 5.5.0.0,
 Zeitstempel: 0x4d8a71c2  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x60edaa99
ID
 des fehlerhaften Prozesses: 0x1764  Startzeit der fehlerhaften Anwendung: 0x01cda57ebd679bc4
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Premiere Pro CS5.5\32\Adobe
 QT32 Server.exe  Pfad des fehlerhaften Moduls: QuickTime.qts  Berichtskennung: 36faf398-11e6-11e2-86d6-5404a610285e
 
Error - 09.10.2012 03:52:08 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe QT32 Server.exe, Version: 5.5.0.0,
 Zeitstempel: 0x4d899f2f  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x633aaa99
ID
 des fehlerhaften Prozesses: 0x1dbc  Startzeit der fehlerhaften Anwendung: 0x01cda57f04a4bc4d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe After Effects CS5.5\Support
 Files\32\Adobe QT32 Server.exe  Pfad des fehlerhaften Moduls: QuickTime.qts  Berichtskennung:
 395a222c-11e6-11e2-86d6-5404a610285e
 
Error - 09.10.2012 03:52:18 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
 Zeitstempel: 0x4d90d339  Name des fehlerhaften Moduls: image_runtime.dll, Version:
 2.0.0.1, Zeitstempel: 0x4d90ce41  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000007cc2
ID
 des fehlerhaften Prozesses: 0xeb8  Startzeit der fehlerhaften Anwendung: 0x01cda4cd759c669d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\image_runtime.dll
Berichtskennung:
 3ef6ad95-11e6-11e2-86d6-5404a610285e
 
Error - 09.10.2012 03:52:37 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AdobeQTServer.exe, Version: 12.0.0.1,
 Zeitstempel: 0x4d90cd87  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x54a7aa99
ID
 des fehlerhaften Prozesses: 0x1468  Startzeit der fehlerhaften Anwendung: 0x01cda4cd78b9b7da
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Required\AdobeQTServer.exe
Pfad
 des fehlerhaften Moduls: QuickTime.qts  Berichtskennung: 4aad339c-11e6-11e2-86d6-5404a610285e
 
Error - 09.10.2012 03:54:03 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x6f4  Startzeit der fehlerhaften Anwendung: 0x01cda480ae00a938
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 7d7eddf6-11e6-11e2-86d6-5404a610285e
 
Error - 09.10.2012 21:09:45 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x7f4  Startzeit der fehlerhaften Anwendung: 0x01cda6732d8385ba
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 2d2536ae-1277-11e2-8def-5404a610285e
 
[ System Events ]
Error - 05.07.2012 13:20:52 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 05.07.2012 13:21:08 | Computer Name = Tobi-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 05.07.2012 21:06:49 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.07.2012 12:21:34 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2012 12:24:35 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 06.07.2012 12:24:49 | Computer Name = Tobi-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 07.07.2012 06:08:05 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 07.07.2012 06:08:05 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.07.2012 06:08:05 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1069
 
Error - 07.07.2012 19:49:14 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
During the "QuickScan", OTL repeatedly gave me the error message
"Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR2 ein." [English: "There is no disk in the drive. Insert a disk into drive \Device\Harddisk2\DR2."]
However, by pressing the "Weiter" (Continue) button I was able to finish the scan.

I hope you can help me.

Best regards, and praise and thanks in advance to the whole board.

Tobias

11.10.2012, 07:16   #2
Psychotic
/// Malwareteam
 

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Reformatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes mean a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck somewhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If anything is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the analysis harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: aswMBR


Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users with right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log on the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.




Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file on the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

11.10.2012, 09:25   #3
TT262
 

Hello Marius,

thank you very much for your help.

I followed your instructions; here are the logs:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 09:21:04
-----------------------------
09:21:04.954    OS Version: Windows x64 6.1.7601 Service Pack 1
09:21:04.954    Number of processors: 4 586 0x403
09:21:04.954    ComputerName: TOBI-PC  UserName: Tobi
09:21:05.593    Initialize success
09:23:46.149    AVAST engine defs: 12101001
09:24:22.216    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7
09:24:22.216    Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
09:24:22.231    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-6
09:24:22.231    Disk 1 Vendor: ExcelStor_Technology_J8160 P22OA85A Size: 157066MB BusType: 3
09:24:22.263    Disk 0 MBR read successfully
09:24:22.263    Disk 0 MBR scan
09:24:22.278    Disk 0 Windows 7 default MBR code
09:24:22.294    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:24:22.325    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152525 MB offset 206848
09:24:22.356    Disk 0 scanning C:\Windows\system32\drivers
09:24:36.396    Service scanning
09:25:11.106    Modules scanning
09:25:11.122    Disk 0 trace - called modules:
09:25:11.138    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
09:25:11.153    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aa1b060]
09:25:11.153    3 CLASSPNP.SYS[fffff880018ab43f] -> nt!IofCallDriver -> [0xfffffa800a9569b0]
09:25:11.153    5 ACPI.sys[fffff88000ed57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa800aa2c060]
09:25:11.949    AVAST engine scan C:\Windows
09:25:14.538    AVAST engine scan C:\Windows\system32
09:29:36.026    AVAST engine scan C:\Windows\system32\drivers
09:29:51.938    AVAST engine scan C:\Users\Tobi
10:03:07.261    AVAST engine scan C:\ProgramData
10:05:06.883    Scan finished successfully
10:09:47.714    Disk 0 MBR has been saved successfully to "C:\Users\Tobi\Desktop\MBR.dat"
10:09:47.714    The log file has been saved successfully to "C:\Users\Tobi\Desktop\aswMBR.txt"
         

Code:
10:10:52.0362 1504  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:10:52.0409 1504  ============================================================
10:10:52.0409 1504  Current date / time: 2012/10/11 10:10:52.0409
10:10:52.0409 1504  SystemInfo:
10:10:52.0409 1504  
10:10:52.0409 1504  OS Version: 6.1.7601 ServicePack: 1.0
10:10:52.0409 1504  Product type: Workstation
10:10:52.0409 1504  ComputerName: TOBI-PC
10:10:52.0409 1504  UserName: Tobi
10:10:52.0409 1504  Windows directory: C:\Windows
10:10:52.0409 1504  System windows directory: C:\Windows
10:10:52.0409 1504  Running under WOW64
10:10:52.0409 1504  Processor architecture: Intel x64
10:10:52.0409 1504  Number of processors: 4
10:10:52.0409 1504  Page size: 0x1000
10:10:52.0409 1504  Boot type: Normal boot
10:10:52.0409 1504  ============================================================
10:10:53.0844 1504  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:57.0448 1504  Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:57.0463 1504  Drive \Device\Harddisk4\DR4 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:10:57.0463 1504  Drive \Device\Harddisk6\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:11:02.0830 1504  ============================================================
10:11:02.0830 1504  \Device\Harddisk0\DR0:
10:11:02.0830 1504  MBR partitions:
10:11:02.0830 1504  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:11:02.0830 1504  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
10:11:02.0830 1504  \Device\Harddisk1\DR1:
10:11:02.0830 1504  MBR partitions:
10:11:02.0830 1504  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
10:11:02.0830 1504  \Device\Harddisk4\DR4:
10:11:02.0830 1504  MBR partitions:
10:11:02.0830 1504  \Device\Harddisk4\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
10:11:02.0830 1504  \Device\Harddisk6\DR6:
10:11:02.0830 1504  MBR partitions:
10:11:02.0830 1504  \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
10:11:02.0830 1504  ============================================================
10:11:02.0861 1504  C: <-> \Device\Harddisk0\DR0\Partition2
10:11:02.0892 1504  E: <-> \Device\Harddisk1\DR1\Partition1
10:11:02.0892 1504  F: <-> \Device\Harddisk6\DR6\Partition1
10:11:02.0892 1504  ============================================================
10:11:02.0892 1504  Initialize success
10:11:02.0892 1504  ============================================================
10:11:32.0563 4056  ============================================================
10:11:32.0563 4056  Scan started
10:11:32.0563 4056  Mode: Manual; 
10:11:32.0563 4056  ============================================================
10:11:33.0811 4056  ================ Scan system memory ========================
10:11:33.0811 4056  System memory - ok
10:11:33.0811 4056  ================ Scan services =============================
10:11:33.0967 4056  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:11:33.0967 4056  1394ohci - ok
10:11:34.0030 4056  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:11:34.0030 4056  ACPI - ok
10:11:34.0076 4056  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:11:34.0076 4056  AcpiPmi - ok
10:11:34.0201 4056  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:11:34.0201 4056  AdobeARMservice - ok
10:11:34.0342 4056  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:11:34.0342 4056  AdobeFlashPlayerUpdateSvc - ok
10:11:34.0388 4056  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:34.0388 4056  adp94xx - ok
10:11:34.0420 4056  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:11:34.0420 4056  adpahci - ok
10:11:34.0435 4056  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:11:34.0435 4056  adpu320 - ok
10:11:34.0451 4056  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:11:34.0451 4056  AeLookupSvc - ok
10:11:34.0513 4056  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:11:34.0513 4056  AFD - ok
10:11:34.0560 4056  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:11:34.0560 4056  agp440 - ok
10:11:34.0591 4056  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:11:34.0591 4056  ALG - ok
10:11:34.0638 4056  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:11:34.0638 4056  aliide - ok
10:11:34.0794 4056  ALSysIO - ok
10:11:34.0856 4056  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:11:34.0856 4056  AMD External Events Utility - ok
10:11:34.0888 4056  AMD FUEL Service - ok
10:11:34.0919 4056  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:11:34.0919 4056  amdide - ok
10:11:34.0950 4056  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
10:11:34.0950 4056  amdiox64 - ok
10:11:34.0997 4056  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:11:34.0997 4056  AmdK8 - ok
10:11:35.0278 4056  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:11:35.0480 4056  amdkmdag - ok
10:11:35.0527 4056  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:11:35.0527 4056  amdkmdap - ok
10:11:35.0558 4056  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:11:35.0558 4056  AmdPPM - ok
10:11:35.0605 4056  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:11:35.0605 4056  amdsata - ok
10:11:35.0636 4056  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:35.0636 4056  amdsbs - ok
10:11:35.0652 4056  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:11:35.0652 4056  amdxata - ok
10:11:35.0746 4056  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:11:35.0746 4056  AntiVirSchedulerService - ok
10:11:35.0792 4056  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:11:35.0792 4056  AntiVirService - ok
10:11:35.0839 4056  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:11:35.0839 4056  AODDriver4.01 - ok
10:11:35.0870 4056  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:11:35.0870 4056  AODDriver4.1 - ok
10:11:35.0980 4056  [ CCA0610205BFE4EA3A7B7319AE7EF2A2 ] AODDriver4.2.0  C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
10:11:35.0980 4056  AODDriver4.2.0 - ok
10:11:36.0011 4056  [ 01CB9EE6ADAED004E86F9870A14F86EB ] AODService      C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
10:11:36.0011 4056  AODService - ok
10:11:36.0073 4056  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:11:36.0073 4056  AppID - ok
10:11:36.0104 4056  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:11:36.0104 4056  AppIDSvc - ok
10:11:36.0151 4056  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:11:36.0151 4056  Appinfo - ok
10:11:36.0182 4056  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:11:36.0182 4056  arc - ok
10:11:36.0214 4056  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:11:36.0214 4056  arcsas - ok
10:11:36.0276 4056  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
10:11:36.0276 4056  AsIO - ok
10:11:36.0292 4056  [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
10:11:36.0292 4056  asmthub3 - ok
10:11:36.0338 4056  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
10:11:36.0338 4056  asmtxhci - ok
10:11:36.0354 4056  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:36.0354 4056  AsyncMac - ok
10:11:36.0385 4056  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:11:36.0385 4056  atapi - ok
10:11:36.0463 4056  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:11:36.0463 4056  AtiHDAudioService - ok
10:11:36.0494 4056  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
10:11:36.0494 4056  AtiPcie - ok
10:11:36.0572 4056  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:36.0588 4056  AudioEndpointBuilder - ok
10:11:36.0619 4056  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:11:36.0619 4056  AudioSrv - ok
10:11:36.0650 4056  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:11:36.0650 4056  avgntflt - ok
10:11:36.0682 4056  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:11:36.0682 4056  avipbb - ok
10:11:36.0682 4056  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:11:36.0682 4056  avkmgr - ok
10:11:36.0744 4056  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:11:36.0744 4056  AxInstSV - ok
10:11:36.0775 4056  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:36.0791 4056  b06bdrv - ok
10:11:36.0822 4056  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:36.0822 4056  b57nd60a - ok
10:11:36.0869 4056  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:11:36.0869 4056  BDESVC - ok
10:11:36.0884 4056  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:11:36.0884 4056  Beep - ok
10:11:36.0962 4056  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:11:36.0978 4056  BFE - ok
10:11:37.0040 4056  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:11:37.0056 4056  BITS - ok
10:11:37.0072 4056  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:37.0072 4056  blbdrive - ok
10:11:37.0118 4056  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:11:37.0118 4056  bowser - ok
10:11:37.0150 4056  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:11:37.0150 4056  BrFiltLo - ok
10:11:37.0165 4056  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:11:37.0165 4056  BrFiltUp - ok
10:11:37.0196 4056  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:11:37.0196 4056  Browser - ok
10:11:37.0228 4056  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:11:37.0228 4056  Brserid - ok
10:11:37.0259 4056  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:37.0259 4056  BrSerWdm - ok
10:11:37.0274 4056  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:37.0274 4056  BrUsbMdm - ok
10:11:37.0274 4056  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:37.0274 4056  BrUsbSer - ok
10:11:37.0306 4056  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:11:37.0306 4056  BTHMODEM - ok
10:11:37.0352 4056  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:11:37.0352 4056  bthserv - ok
10:11:37.0384 4056  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:11:37.0384 4056  cdfs - ok
10:11:37.0446 4056  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:11:37.0446 4056  cdrom - ok
10:11:37.0493 4056  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:11:37.0493 4056  CertPropSvc - ok
10:11:37.0524 4056  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:11:37.0524 4056  circlass - ok
10:11:37.0571 4056  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:11:37.0571 4056  CLFS - ok
10:11:37.0649 4056  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:11:37.0664 4056  clr_optimization_v2.0.50727_32 - ok
10:11:37.0711 4056  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:11:37.0727 4056  clr_optimization_v2.0.50727_64 - ok
10:11:37.0805 4056  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:11:37.0805 4056  clr_optimization_v4.0.30319_32 - ok
10:11:37.0836 4056  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:11:37.0836 4056  clr_optimization_v4.0.30319_64 - ok
10:11:37.0867 4056  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:11:37.0883 4056  CmBatt - ok
10:11:37.0914 4056  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:11:37.0914 4056  cmdide - ok
10:11:37.0961 4056  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:11:37.0961 4056  CNG - ok
10:11:37.0961 4056  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:11:37.0976 4056  Compbatt - ok
10:11:38.0008 4056  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:11:38.0008 4056  CompositeBus - ok
10:11:38.0023 4056  COMSysApp - ok
10:11:38.0054 4056  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:11:38.0054 4056  crcdisk - ok
10:11:38.0101 4056  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:11:38.0117 4056  CryptSvc - ok
10:11:38.0179 4056  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:11:38.0195 4056  DcomLaunch - ok
10:11:38.0226 4056  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:11:38.0226 4056  defragsvc - ok
10:11:38.0273 4056  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:11:38.0273 4056  DfsC - ok
10:11:38.0304 4056  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:11:38.0304 4056  Dhcp - ok
10:11:38.0335 4056  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:11:38.0335 4056  discache - ok
10:11:38.0382 4056  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:11:38.0382 4056  Disk - ok
10:11:38.0398 4056  DNIMp50a64 - ok
10:11:38.0413 4056  DNISp50a64 - ok
10:11:38.0460 4056  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:11:38.0460 4056  Dnscache - ok
10:11:38.0507 4056  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:11:38.0507 4056  dot3svc - ok
10:11:38.0554 4056  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:11:38.0569 4056  DPS - ok
10:11:38.0585 4056  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:11:38.0585 4056  drmkaud - ok
10:11:38.0632 4056  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:11:38.0647 4056  dtsoftbus01 - ok
10:11:38.0694 4056  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:11:38.0694 4056  DXGKrnl - ok
10:11:38.0725 4056  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:11:38.0725 4056  EapHost - ok
10:11:38.0834 4056  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:11:38.0866 4056  ebdrv - ok
10:11:38.0897 4056  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:11:38.0897 4056  EFS - ok
10:11:38.0975 4056  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:11:39.0006 4056  ehRecvr - ok
10:11:39.0022 4056  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:11:39.0037 4056  ehSched - ok
10:11:39.0084 4056  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:11:39.0084 4056  elxstor - ok
10:11:39.0100 4056  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:11:39.0100 4056  ErrDev - ok
10:11:39.0131 4056  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:11:39.0131 4056  EventSystem - ok
10:11:39.0178 4056  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:11:39.0178 4056  exfat - ok
10:11:39.0193 4056  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:11:39.0193 4056  fastfat - ok
10:11:39.0271 4056  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:11:39.0271 4056  Fax - ok
10:11:39.0287 4056  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:11:39.0287 4056  fdc - ok
10:11:39.0302 4056  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:11:39.0318 4056  fdPHost - ok
10:11:39.0334 4056  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:11:39.0334 4056  FDResPub - ok
10:11:39.0349 4056  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:11:39.0349 4056  FileInfo - ok
10:11:39.0365 4056  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:11:39.0365 4056  Filetrace - ok
10:11:39.0380 4056  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:11:39.0380 4056  flpydisk - ok
10:11:39.0443 4056  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:11:39.0458 4056  FltMgr - ok
10:11:39.0521 4056  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:11:39.0552 4056  FontCache - ok
10:11:39.0599 4056  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:11:39.0614 4056  FontCache3.0.0.0 - ok
10:11:39.0646 4056  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:11:39.0646 4056  FsDepends - ok
10:11:39.0677 4056  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:11:39.0677 4056  Fs_Rec - ok
10:11:39.0739 4056  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:11:39.0739 4056  fvevol - ok
10:11:39.0770 4056  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:11:39.0770 4056  gagp30kx - ok
10:11:39.0833 4056  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:11:39.0848 4056  gpsvc - ok
10:11:39.0864 4056  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:11:39.0864 4056  hcw85cir - ok
10:11:39.0911 4056  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:39.0926 4056  HdAudAddService - ok
10:11:39.0958 4056  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:11:39.0958 4056  HDAudBus - ok
10:11:39.0973 4056  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:11:39.0973 4056  HidBatt - ok
10:11:39.0989 4056  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:11:39.0989 4056  HidBth - ok
10:11:40.0004 4056  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:11:40.0004 4056  HidIr - ok
10:11:40.0020 4056  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:11:40.0020 4056  hidserv - ok
10:11:40.0067 4056  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:11:40.0067 4056  HidUsb - ok
10:11:40.0098 4056  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:11:40.0114 4056  hkmsvc - ok
10:11:40.0145 4056  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:40.0160 4056  HomeGroupListener - ok
10:11:40.0207 4056  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:40.0207 4056  HomeGroupProvider - ok
10:11:40.0270 4056  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:11:40.0270 4056  HpSAMD - ok
10:11:40.0332 4056  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:11:40.0348 4056  HTTP - ok
10:11:40.0348 4056  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:11:40.0348 4056  hwpolicy - ok
10:11:40.0394 4056  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:11:40.0394 4056  i8042prt - ok
10:11:40.0426 4056  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:11:40.0441 4056  iaStorV - ok
10:11:40.0504 4056  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:40.0535 4056  idsvc - ok
10:11:40.0566 4056  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:11:40.0566 4056  iirsp - ok
10:11:40.0613 4056  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:11:40.0628 4056  IKEEXT - ok
10:11:40.0738 4056  [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:11:40.0769 4056  IntcAzAudAddService - ok
10:11:40.0800 4056  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:11:40.0800 4056  intelide - ok
10:11:40.0831 4056  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:11:40.0831 4056  intelppm - ok
10:11:40.0847 4056  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:11:40.0847 4056  IPBusEnum - ok
10:11:40.0894 4056  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:40.0894 4056  IpFilterDriver - ok
10:11:40.0956 4056  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:11:40.0972 4056  iphlpsvc - ok
10:11:41.0018 4056  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:11:41.0018 4056  IPMIDRV - ok
10:11:41.0050 4056  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:11:41.0050 4056  IPNAT - ok
10:11:41.0081 4056  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:11:41.0081 4056  IRENUM - ok
10:11:41.0112 4056  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:11:41.0112 4056  isapnp - ok
10:11:41.0143 4056  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:11:41.0143 4056  iScsiPrt - ok
10:11:41.0284 4056  [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi        C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe
10:11:41.0284 4056  jswpsapi - ok
10:11:41.0330 4056  [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF        C:\Windows\system32\DRIVERS\jswpslwfx.sys
10:11:41.0330 4056  JSWPSLWF - ok
10:11:41.0377 4056  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:11:41.0377 4056  kbdclass - ok
10:11:41.0408 4056  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:11:41.0408 4056  kbdhid - ok
10:11:41.0440 4056  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:11:41.0440 4056  KeyIso - ok
10:11:41.0486 4056  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:11:41.0486 4056  KSecDD - ok
10:11:41.0549 4056  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:11:41.0549 4056  KSecPkg - ok
10:11:41.0580 4056  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:11:41.0580 4056  ksthunk - ok
10:11:41.0627 4056  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:11:41.0627 4056  KtmRm - ok
10:11:41.0689 4056  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:11:41.0705 4056  LanmanServer - ok
10:11:41.0752 4056  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:41.0752 4056  LanmanWorkstation - ok
10:11:41.0783 4056  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:11:41.0783 4056  lltdio - ok
10:11:41.0814 4056  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:11:41.0814 4056  lltdsvc - ok
10:11:41.0830 4056  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:11:41.0830 4056  lmhosts - ok
10:11:41.0845 4056  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:41.0845 4056  LSI_FC - ok
10:11:41.0876 4056  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:41.0876 4056  LSI_SAS - ok
10:11:41.0876 4056  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:41.0876 4056  LSI_SAS2 - ok
10:11:41.0908 4056  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:41.0908 4056  LSI_SCSI - ok
10:11:41.0923 4056  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:11:41.0923 4056  luafv - ok
10:11:41.0986 4056  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
10:11:41.0986 4056  MarvinBus - ok
10:11:42.0032 4056  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:11:42.0048 4056  Mcx2Svc - ok
10:11:42.0064 4056  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:11:42.0064 4056  megasas - ok
10:11:42.0095 4056  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:42.0095 4056  MegaSR - ok
10:11:42.0110 4056  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:11:42.0126 4056  MMCSS - ok
10:11:42.0157 4056  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:11:42.0157 4056  Modem - ok
10:11:42.0173 4056  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:11:42.0173 4056  monitor - ok
10:11:42.0220 4056  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:11:42.0220 4056  mouclass - ok
10:11:42.0266 4056  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:11:42.0266 4056  mouhid - ok
10:11:42.0313 4056  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:11:42.0313 4056  mountmgr - ok
10:11:42.0376 4056  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:11:42.0376 4056  MozillaMaintenance - ok
10:11:42.0422 4056  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:11:42.0422 4056  mpio - ok
10:11:42.0438 4056  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:11:42.0438 4056  mpsdrv - ok
10:11:42.0516 4056  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:11:42.0532 4056  MpsSvc - ok
10:11:42.0563 4056  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:11:42.0563 4056  MRxDAV - ok
10:11:42.0594 4056  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:42.0594 4056  mrxsmb - ok
10:11:42.0610 4056  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:42.0610 4056  mrxsmb10 - ok
10:11:42.0625 4056  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:42.0625 4056  mrxsmb20 - ok
10:11:42.0656 4056  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:11:42.0656 4056  msahci - ok
10:11:42.0734 4056  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
10:11:42.0734 4056  MSCamSvc - ok
10:11:42.0766 4056  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:11:42.0781 4056  msdsm - ok
10:11:42.0812 4056  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:11:42.0812 4056  MSDTC - ok
10:11:42.0828 4056  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:11:42.0828 4056  Msfs - ok
10:11:42.0844 4056  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:11:42.0844 4056  mshidkmdf - ok
10:11:42.0875 4056  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:11:42.0875 4056  msisadrv - ok
10:11:42.0906 4056  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:11:42.0906 4056  MSiSCSI - ok
10:11:42.0922 4056  msiserver - ok
10:11:42.0953 4056  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:11:42.0953 4056  MSKSSRV - ok
10:11:42.0953 4056  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:42.0953 4056  MSPCLOCK - ok
10:11:42.0968 4056  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:11:42.0968 4056  MSPQM - ok
10:11:43.0015 4056  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:11:43.0015 4056  MsRPC - ok
10:11:43.0062 4056  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:11:43.0062 4056  mssmbios - ok
10:11:43.0078 4056  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:11:43.0078 4056  MSTEE - ok
10:11:43.0093 4056  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:43.0093 4056  MTConfig - ok
10:11:43.0140 4056  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
10:11:43.0140 4056  MTsensor - ok
10:11:43.0156 4056  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:11:43.0156 4056  Mup - ok
10:11:43.0202 4056  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:11:43.0202 4056  napagent - ok
10:11:43.0234 4056  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:11:43.0249 4056  NativeWifiP - ok
10:11:43.0312 4056  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:11:43.0312 4056  NDIS - ok
10:11:43.0343 4056  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:43.0343 4056  NdisCap - ok
10:11:43.0374 4056  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:43.0374 4056  NdisTapi - ok
10:11:43.0421 4056  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:43.0421 4056  Ndisuio - ok
10:11:43.0468 4056  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:43.0483 4056  NdisWan - ok
10:11:43.0514 4056  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:11:43.0514 4056  NDProxy - ok
10:11:43.0546 4056  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:11:43.0546 4056  NetBIOS - ok
10:11:43.0592 4056  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:11:43.0592 4056  NetBT - ok
10:11:43.0608 4056  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:11:43.0608 4056  Netlogon - ok
10:11:43.0655 4056  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:11:43.0670 4056  Netman - ok
10:11:43.0702 4056  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:11:43.0702 4056  netprofm - ok
10:11:43.0733 4056  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:11:43.0733 4056  NetTcpPortSharing - ok
10:11:43.0780 4056  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:43.0780 4056  nfrd960 - ok
10:11:43.0842 4056  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:11:43.0842 4056  NlaSvc - ok
10:11:43.0936 4056  [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc        C:\Windows\SysWOW64\nlssrv32.exe
10:11:43.0951 4056  nlsX86cc - ok
10:11:44.0014 4056  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
10:11:44.0029 4056  NPF - ok
10:11:44.0029 4056  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:11:44.0045 4056  Npfs - ok
10:11:44.0076 4056  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:11:44.0076 4056  nsi - ok
10:11:44.0092 4056  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:11:44.0092 4056  nsiproxy - ok
10:11:44.0170 4056  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:11:44.0201 4056  Ntfs - ok
10:11:44.0216 4056  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:11:44.0216 4056  Null - ok
10:11:44.0248 4056  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:11:44.0248 4056  nvraid - ok
10:11:44.0294 4056  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:11:44.0294 4056  nvstor - ok
10:11:44.0357 4056  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:11:44.0357 4056  nv_agp - ok
10:11:44.0372 4056  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:11:44.0372 4056  ohci1394 - ok
10:11:44.0419 4056  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:11:44.0435 4056  p2pimsvc - ok
10:11:44.0466 4056  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:11:44.0466 4056  p2psvc - ok
10:11:44.0497 4056  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:11:44.0497 4056  Parport - ok
10:11:44.0544 4056  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:11:44.0544 4056  partmgr - ok
10:11:44.0575 4056  [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64      C:\Windows\system32\Drivers\PCAMp50a64.sys
10:11:44.0575 4056  PCAMp50a64 - ok
10:11:44.0606 4056  [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64      C:\Windows\system32\Drivers\PCASp50a64.sys
10:11:44.0606 4056  PCASp50a64 - ok
10:11:44.0653 4056  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:11:44.0669 4056  PcaSvc - ok
10:11:44.0716 4056  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:11:44.0716 4056  pci - ok
10:11:44.0731 4056  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:11:44.0731 4056  pciide - ok
10:11:44.0762 4056  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:44.0762 4056  pcmcia - ok
10:11:44.0778 4056  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:11:44.0778 4056  pcw - ok
10:11:44.0794 4056  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:11:44.0794 4056  PEAUTH - ok
10:11:44.0825 4056  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:11:44.0840 4056  PerfHost - ok
10:11:44.0903 4056  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:11:44.0918 4056  pla - ok
10:11:44.0981 4056  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:11:44.0996 4056  PlugPlay - ok
10:11:45.0028 4056  PnkBstrA - ok
10:11:45.0043 4056  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:11:45.0043 4056  PNRPAutoReg - ok
10:11:45.0059 4056  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:11:45.0059 4056  PNRPsvc - ok
10:11:45.0090 4056  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:11:45.0106 4056  PolicyAgent - ok
10:11:45.0121 4056  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:11:45.0137 4056  Power - ok
10:11:45.0168 4056  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:11:45.0168 4056  PptpMiniport - ok
10:11:45.0199 4056  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:11:45.0199 4056  Processor - ok
10:11:52.0157 4056  ============================================================
10:11:52.0157 4056  Scan finished
10:11:52.0157 4056  ============================================================
10:11:52.0172 0128  Detected object count: 0
10:11:52.0172 0128  Actual detected object count: 0
10:12:14.0265 4276  Deinitialize success
         
Regards,

Tobias
__________________

11.10.2012, 09:28   #4
Psychotic
/// Malware team

Desktop icons can no longer be arranged

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


11.10.2012, 14:44   #5
TT262

Desktop icons can no longer be arranged

Thanks for your quick reply!

Attached is the ComboFix.txt:
Code:
ComboFix 12-10-11.01 - Tobi 11.10.2012  10:53:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.12286.9732 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-11 bis 2012-10-11  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
.
c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-1 1748992]
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1736704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 250568]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 ALSysIO;ALSysIO;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-27 783360]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 82755613
*NewlyCreated* - ALSYSIO
*NewlyCreated* - ASWMBR
*Deregistered* - 82755613
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.http - 50.17.81.254
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,0c,f3,6c,29,6a,b0,fd,d8,cf,a8,82,ed,f7,46,33,1e,d2,51,29,5c,90,bb,
   75,83,67,04,c1,55,e3,3d,19,66,df,62,a3,ee,f5,ca,e2,55,f4,3a,ac,6c,b7,cf,23,\
"??"=hex:8a,11,f2,63,89,99,0f,2d,03,e1,58,2e,af,13,60,78
.
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,b4,7e,ce,a5,9a,40,84,6d,4e,2b,92,1c,39,64,72,48,8c,53,7e,fb,
   fa,90,f7,f2,21,72,27,e7,f1,39,7f,68,69,ee,04,92,6c,07,c6,89,23,b6,07,42,4f,\
"rkeysecu"=hex:ab,44,c7,05,e4,ae,8f,df,09,71,f6,df,a9,ef,a3,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-11  11:00:32
ComboFix-quarantined-files.txt  2012-10-11 09:00
.
Vor Suchlauf: 11 Verzeichnis(se), 21.468.246.016 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 22.793.994.240 Bytes frei
.
- - End Of File - - 6A7827FFE63F3C2F7C70B6534937ADEF
         


11.10.2012, 15:05   #6
Psychotic
/// Malwareteam

Step 1: CF script


Note for others reading along:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R key --> Notepad (type it in) --> OK

Now copy the complete text from the following code box into the empty text document.
Code:
ATTFilter
FOLDER::
C:\Users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}
C:\Users\Tobi\AppData\Roaming\Omvoi
C:\Users\Tobi\AppData\Roaming\Osfuu

ADS::
C:\Users\Tobi\AppData\Local\Temp

REGISTRY::
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
""="%SystemRoot%\system32\shell32.dll"
"ThreadingModel"="Apartment"

CLEARJAVACACHE::
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software. It can interfere with ComboFix while it works.
    Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Step 2: MBAM


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

11.10.2012, 15:30   #7
TT262

ComboFix:
Code:
ATTFilter
ComboFix 12-10-11.03 - Tobi 11.10.2012  16:18:34.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.12286.10094 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tobi\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Temp: deleted 1161 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}
c:\users\Tobi\AppData\Local\{370a01ff-b7aa-5c3c-d79f-5fd9e21eb2db}\@
c:\users\Tobi\AppData\Roaming\Omvoi
c:\users\Tobi\AppData\Roaming\Osfuu
c:\users\Tobi\AppData\Roaming\Osfuu\resym.zik
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-11 bis 2012-10-11  ))))))))))))))))))))))))))))))
.
.
2012-10-11 14:21 . 2012-10-11 14:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-10 20:05 . 2012-08-20 15:33	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 19:58 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2798AC56-00DA-4F47-8AA3-A06454611F34}\mpengine.dll
2012-09-25 18:09 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-20 07:25 . 2012-09-20 07:25	--------	d-----w-	c:\users\Tobi\AppData\Local\Nik Software
2012-09-20 07:25 . 2012-09-20 07:25	--------	d-----w-	c:\programdata\Nik Software
2012-09-20 07:25 . 2012-09-20 07:25	--------	d-----w-	c:\program files\Nik Software
2012-09-13 22:40 . 2012-09-13 22:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-13 22:39 . 2012-09-13 22:39	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 22:38 . 2012-09-13 22:37	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-13 22:38 . 2012-09-13 22:37	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-13 22:38 . 2012-09-13 22:37	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-13 22:37 . 2012-09-13 22:37	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-13 22:37 . 2012-09-13 22:37	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-13 22:37 . 2012-09-13 22:37	188904	----a-w-	c:\windows\system32\java.exe
2012-09-13 22:37 . 2012-09-13 22:37	--------	d-----w-	c:\program files\Java
2012-09-11 19:38 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-11 19:38 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:38 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-11 19:38 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:38 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:38 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-11 19:38 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 01:01 . 2011-12-30 13:42	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-09-13 22:39 . 2012-08-15 21:02	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 22:39 . 2011-12-29 14:55	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-13 22:09 . 2012-04-11 09:09	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-13 22:09 . 2011-12-25 03:41	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 21:18 . 2012-07-09 16:31	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-08-20 17:38 . 2012-10-10 20:06	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-09-08 17:34	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-09-08 17:32	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2011-12-06 03:06	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2011-09-08 17:16	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-09-08 16:52	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2011-12-06 02:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-07-18 18:15 . 2012-08-15 10:26	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
.
c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-1 1748992]
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1736704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 250568]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-19 283200]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 ALSysIO;ALSysIO;c:\users\Tobi\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-27 783360]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 82755613
*NewlyCreated* - ALSYSIO
*NewlyCreated* - ASWMBR
*Deregistered* - 82755613
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.http - 50.17.81.254
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,0c,f3,6c,29,6a,b0,fd,d8,cf,a8,82,ed,f7,46,33,1e,d2,51,29,5c,90,bb,
   75,83,67,04,c1,55,e3,3d,19,66,df,62,a3,ee,f5,ca,e2,55,f4,3a,ac,6c,b7,cf,23,\
"??"=hex:8a,11,f2,63,89,99,0f,2d,03,e1,58,2e,af,13,60,78
.
[HKEY_USERS\S-1-5-21-1672424288-703294569-2618543827-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,b4,7e,ce,a5,9a,40,84,6d,4e,2b,92,1c,39,64,72,48,8c,53,7e,fb,
   fa,90,f7,f2,21,72,27,e7,f1,39,7f,68,69,ee,04,92,6c,07,c6,89,23,b6,07,42,4f,\
"rkeysecu"=hex:ab,44,c7,05,e4,ae,8f,df,09,71,f6,df,a9,ef,a3,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-11  16:22:39
ComboFix-quarantined-files.txt  2012-10-11 14:22
ComboFix2.txt  2012-10-11 09:00
.
Vor Suchlauf: 14 Verzeichnis(se), 22.774.992.896 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 22.709.829.632 Bytes frei
.
- - End Of File - - 8753950032070A5B184CFF6E2764BFCD
         
Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobi :: TOBI-PC [Administrator]

11.10.2012 16:25:45
mbam-log-2012-10-11 (16-25-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203675
Laufzeit: 4 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tobi\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
As Malwarebytes recommended, I have now restarted the machine.
The icons are where they were before the restart.
Just as it should be! - greeeat!

Alt 12.10.2012, 06:24   #8
Psychotic
/// Malwareteam
 

Quote:
network.proxy.http - 50.17.81.254
Did you set up this proxy in Firefox yourself?
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you happy with us? Then support the Trojaner-Board!

Alt 12.10.2012, 08:51   #9
TT262
 

Thank you very much for your help!

No,
I occasionally use the add-on "anonymox" or "stealthy" - could that have something to do with it?

Alt 12.10.2012, 09:12   #10
Psychotic
/// Malwareteam
 

Yes, it can!

Looks pretty good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program in the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".



Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Alt 14.10.2012, 17:55   #11
TT262
 

All right

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobi :: TOBI-PC [Administrator]

12.10.2012 20:48:40
mbam-log-2012-10-12 (20-48-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 667188
Laufzeit: 2 Stunde(n), 49 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I think that looks good?!

ESET.txt:
Code:
ATTFilter
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\user.js	JS/SecurityDisabler.A.Gen application
E:\TOBI-PC\Backup Set 2012-02-07 194251\Backup Files 2012-02-07 194251\Backup files 12.zip	a variant of Win32/SweetIM.B application
F:\Software\NIK-SOFTWARE-SILVER-EFEX- PRO-V2.0.0.0\SilverEfexPro2-pl-ver2.000all.exe	NSIS/TrojanDownloader.Agent.NKF trojan
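
The `FF - prefs.js` and `FF - user.js` lines of the ComboFix log earlier in this thread, and the `user.js` that ESET reports here, can be reviewed mechanically. The following Python sketch is an added example, not part of the thread or of any tool used in it; it assumes the `FF - <file>: <pref> - <value>` line format seen in that log, and the function names and finding labels are hypothetical.

```python
import re

# Sample input: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = """\
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.http - 50.17.81.254
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

# Assumed line format: "FF - <prefs.js|user.js>: <pref name> - <value>"
LINE_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def parse_ff_prefs(log_text):
    """Return (source_file, pref_name, value) for every Firefox pref line."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            source, name, value = match.groups()
            entries.append((source, name, value.strip()))
    return entries


def review_prefs(entries):
    """Return (label, detail) findings worth a question to the user."""
    findings = []

    # user.js is re-applied on every Firefox start, so a security warning
    # switched off there comes back as "off" even after the user re-enables it.
    for source, name, value in entries:
        if (source == "user.js" and name.startswith("security.warn_")
                and value.lower() == "false"):
            findings.append(("warning-disabled-in-user.js", name))

    # A manual HTTP proxy host is only used when network.proxy.type is 1;
    # with any other type the host is stored but traffic does not go through it.
    last = {name: value for _, name, value in entries}
    host = last.get("network.proxy.http")
    if host:
        port = last.get("network.proxy.http_port", "?")
        proxy_type = last.get("network.proxy.type")
        state = {"1": "active", None: "state-unknown"}.get(proxy_type, "inactive")
        findings.append(("http-proxy-" + state, host + ":" + port))
    return findings


if __name__ == "__main__":
    for label, detail in review_prefs(parse_ff_prefs(SAMPLE_LOG)):
        print(label, detail)
```

For this log the review reports the four `security.warn_*` preferences set to `false` in `user.js` and a stored but inactive HTTP proxy, the entry the helper asks about in post #8.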
         

Alt 15.10.2012, 07:03   #12
Psychotic
/// Malwareteam
 

Fix with OTL


  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
:files
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\twpqihzq.default\user.js
E:\TOBI-PC\Backup Set 2012-02-07 194251\Backup Files 2012-02-07 194251\Backup files 12.zip
F:\Software\NIK-SOFTWARE-SILVER-EFEX- PRO-V2.0.0.0\SilverEfexPro2-pl-ver2.000all.exe	         
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread



Otherwise we are done!



Step 1: Mozilla Firefox update

Your Firefox browser is out of date. Proceed as follows to update it:
  • Download the current Firefox from here.
  • Start the setup and follow the on-screen instructions.
  • Press the Windows key and the R key, type appwiz.cpl in the window that opens and click OK.
  • Remove all older Firefox versions.
  • Get in touch immediately if any difficulties arise.




Step 2: VLC player update


Your VLC player is out of date. To update it, please proceed as follows:
  • Download the current player from here.
  • Start the setup and follow the on-screen instructions. Setup will detect the old version of the player and ask you whether the old version should be removed before installation. Confirm this with Yes.
  • After the old version of the program has been removed, the new installation starts. Leave everything at the default values - unless you want to change something (e.g. the file associations or similar).
  • Get in touch immediately if any difficulties arise.




Step 3: Mozilla Thunderbird update


Your Thunderbird mail client is out of date. Proceed as follows to update it:
  • Download the current Thunderbird from here.
  • Start the setup and follow the on-screen instructions.
  • Press the Windows key and the R key, type appwiz.cpl in the window that opens and click OK.
  • Remove all older Thunderbird versions.
  • Get in touch immediately if any difficulties arise.



Defogger re-enable

Please start Defogger and click the re-enable button



ComboFix

Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
ATTFilter
Combofix /Uninstall
         


This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well.

Now re-enable the programs you just disabled.



OTL

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



ComboFix

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.



Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.
Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts appear to come from one of your friends, that does not mean they are harmless (malware may have infected their computer).
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

Alt 15.10.2012, 23:32   #13
TT262
 

Hello Marius,
thank you very, very much for your help.
The computer is running the way it should again.

I have now worked through your whole list and noticed that during the "cleanup" it also deleted the txt file from OTL.
I hope that's not a big deal? -> In any case, the data found back then can no longer be found.

Alt 16.10.2012, 07:11   #14
Psychotic
/// Malwareteam
 

That's all fine!

Alt 17.10.2012, 07:51   #15
Psychotic
/// Malwareteam
 

Glad we could help!


This thread appears to be resolved and has been deleted from my subscriptions.
If you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread!
