
Pests of all kinds and how to fight them: Trojan/spyware infection? Typing ^ once gives two characters (^^)

19.11.2012, 15:06   #1
netnocheiner
 
Hello.
A few days ago my screen suddenly went black. After a short while the picture came back, but the resolution was very low and nothing really worked. Then it went black again very briefly and my normal desktop appeared, in the normal resolution, with moved/missing(?) icons.
I think it was yesterday or the day before when the firewall popped up and reported a Spanish freeware program(?). Of course I did not grant permission and I ended the process (where did that thing come from?!).
Then I ran Malwarebytes over it (1st report) and deleted everything (yeah yeah, sorry, but I think they were only false positives. One of them had been quarantined with TDSS Killer *g*).

I thought everything was fine so far, until yesterday in MSN, when pressing the ^ key once immediately produced two (^^). (I know that normally you press ^ once and then the space bar for it to appear, like now, but two came immediately and ONLY in MSN.)
Then I went to Start > Programs, and lo and behold: "3D Vision aktivieren" ("Enable 3D Vision"). Curious, I clicked on it and it turned out to be an NVIDIA application... very mysterious despite my NVIDIA graphics card, because I never knowingly downloaded anything like that.

Because of the ^ problem I turned to Google, and there too the suspicion came up that viruses/spyware could be responsible.

1st report:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Max :: MAX-PC [Administrator]

18.11.2012 15:59:56
mbam-log-2012-11-18 (15-59-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388732
Laufzeit: 55 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
2nd report:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Max :: MAX-PC [Administrator]

19.11.2012 13:57:54
mbam-log-2012-11-19 (13-57-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389024
Laufzeit: 53 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
EDIT:
On my own I ended a few strange processes that might have been responsible for one problem or another. During my investigation I also came across "winlogon.exe", which could not be ended. Whether it is a virus, a normal program or both I cannot say, but a refusal always makes me suspicious.

Edit2:

For the Spanish program the firewall reported the following:
Name: Questo Programma è FreeWare
Publisher: Compagnia ? quale Compagnia?
Path: C:\users\max\appdata\roaming\owysne\voag.exe

In Task Manager - process:
voag.exe

It keeps reappearing and the PC gets slow...

20.11.2012, 18:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deletion of log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Code:
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         
These are not false positives, or did you misunderstand the term "FalsePositive"?
The second one is indeed also malware, but it is not active and only remains in TDSS-Killer's quarantine for backup purposes.

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Never press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy the contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________

__________________
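
The distinction drawn in the post above (an autostart value that is real, versus a malware copy that sits inert in a quarantine folder) can be checked mechanically. The following is an added example, not part of the original posts and not a Malwarebytes tool: it parses detection lines in the German Malwarebytes 1.65 log format shown in this thread and sorts them by that distinction. The verdict names, the path heuristics and the function names are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the Malwarebytes report posted in this thread (German log format).
THREAD_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Detection line: "<object> (<detection>) -> [Daten: <data> ->] <action>."
FINDING_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Per-user/per-machine autostart locations:
# (registry key suffix, value name or None for "any value under this key").
AUTOSTART = [
    ("\\microsoft\\windows nt\\currentversion\\windows", "load"),
    ("\\microsoft\\windows nt\\currentversion\\windows", "run"),
    ("\\microsoft\\windows\\currentversion\\run", None),
]
# Assumption: heuristic markers for folders a normal user can write to.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\locals~1\\")
EXECUTABLE_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")
# Quarantine folder name as it appears in the thread's log.
QUARANTINE_DIRS = ("\\tdsskiller_quarantine\\",)


@dataclass
class Finding:
    obj: str
    detection: str
    data: Optional[str]
    action: str
    verdict: str


def classify(obj: str, data: Optional[str]) -> str:
    """Sort one detected object into a triage bucket."""
    low = obj.lower()
    if low.startswith(("hkcu\\", "hklm\\", "hku\\")):
        key, _, value = low.partition("|")
        autostart = any(key.endswith(k) and v in (None, value) for k, v in AUTOSTART)
        target = (data or "").lower()
        # An autostart value launching an executable from a user-writable
        # folder is a working persistence mechanism, not a leftover.
        if (autostart and target.endswith(EXECUTABLE_EXT)
                and any(d in target for d in USER_WRITABLE)):
            return "active-persistence"
        return "registry-review"
    # A file inside a removal tool's quarantine folder is a stored backup copy.
    if any(d in low for d in QUARANTINE_DIRS):
        return "quarantined-copy"
    return "file-review"


def triage(log_text: str) -> List[Finding]:
    """Extract every detection line from a log and attach a verdict."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(m["obj"], m["detection"], m["data"],
                                    m["action"], classify(m["obj"], m["data"])))
    return findings


if __name__ == "__main__":
    for f in triage(THREAD_LOG):
        print(f"{f.verdict:18} {f.detection:18} {f.obj}")
```
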

20.11.2012, 21:11   #3
netnocheiner
 
Quote from cosinus:
Hello and

Hi!
We still know each other from here:
http://www.trojaner-board.de/121177-...tivierbar.html

Quote from cosinus:
Code:
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         
These are not false positives, or did you misunderstand the term "FalsePositive"?
The second one is indeed also malware, but it is not active and only remains in TDSS-Killer's quarantine for backup purposes.

Well, I merely meant that Malwarebytes does report malware (a positive result), but that these are 'only' leftovers from a previous removal. Maybe 'false'positive would be more appropriate?

About the logs:

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-20 20:18:21
-----------------------------
20:18:21.678    OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:21.678    Number of processors: 2 586 0x4302
20:18:21.678    ComputerName: MAX-PC  UserName: Max
20:18:23.491    Initialize success
20:49:08.915    AVAST engine defs: 12111901
20:49:50.978    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:49:50.994    Disk 0 Vendor: SAMSUNG_HD160JJ ZM100-37 Size: 152627MB BusType: 3
20:49:50.994    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
20:49:50.994    Disk 1 Vendor: ExcelStor_Technology_G280 ESACAL17 Size: 76293MB BusType: 3
20:49:51.025    Disk 0 MBR read successfully
20:49:51.025    Disk 0 MBR scan
20:49:51.041    Disk 0 Windows 7 default MBR code
20:49:51.041    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
20:49:51.087    Disk 0 scanning C:\Windows\system32\drivers
20:50:02.197    Service scanning
20:50:26.134    Modules scanning
20:50:26.134    Disk 0 trace - called modules:
20:50:26.150    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:50:26.150    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023bc060]
20:50:26.150    3 CLASSPNP.SYS[fffff880019cf43f] -> nt!IofCallDriver -> [0xfffffa800228d520]
20:50:26.166    5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8002292060]
20:50:26.728    AVAST engine scan C:\Windows
20:50:29.103    AVAST engine scan C:\Windows\system32
20:53:46.134    AVAST engine scan C:\Windows\system32\drivers
20:53:58.822    AVAST engine scan C:\Users\Max
20:58:13.900    AVAST engine scan C:\ProgramData
20:59:03.384    Scan finished successfully
20:59:35.275    Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat"
20:59:35.291    The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
21:01:54.0520 3684  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:01:54.0536 3684  ============================================================
21:01:54.0536 3684  Current date / time: 2012/11/20 21:01:54.0536
21:01:54.0536 3684  SystemInfo:
21:01:54.0536 3684  
21:01:54.0536 3684  OS Version: 6.1.7601 ServicePack: 1.0
21:01:54.0536 3684  Product type: Workstation
21:01:54.0536 3684  ComputerName: MAX-PC
21:01:54.0536 3684  UserName: Max
21:01:54.0536 3684  Windows directory: C:\Windows
21:01:54.0536 3684  System windows directory: C:\Windows
21:01:54.0536 3684  Running under WOW64
21:01:54.0536 3684  Processor architecture: Intel x64
21:01:54.0536 3684  Number of processors: 2
21:01:54.0536 3684  Page size: 0x1000
21:01:54.0536 3684  Boot type: Normal boot
21:01:54.0536 3684  ============================================================
21:01:55.0864 3684  Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:01:55.0879 3684  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:01:55.0879 3684  ============================================================
21:01:55.0879 3684  \Device\Harddisk1\DR1:
21:01:55.0879 3684  MBR partitions:
21:01:55.0879 3684  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9501800
21:01:55.0879 3684  \Device\Harddisk0\DR0:
21:01:55.0879 3684  MBR partitions:
21:01:55.0879 3684  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:01:55.0879 3684  ============================================================
21:01:55.0911 3684  C: <-> \Device\Harddisk0\DR0\Partition1
21:01:55.0958 3684  D: <-> \Device\Harddisk1\DR1\Partition1
21:01:55.0989 3684  ============================================================
21:01:55.0989 3684  Initialize success
21:01:55.0989 3684  ============================================================
21:02:06.0145 2608  ============================================================
21:02:06.0145 2608  Scan started
21:02:06.0145 2608  Mode: Manual; SigCheck; TDLFS; 
21:02:06.0145 2608  ============================================================
21:02:07.0489 2608  ================ Scan system memory ========================
21:02:07.0489 2608  System memory - ok
21:02:07.0489 2608  ================ Scan services =============================
21:02:20.0842 2608  iirsp - ok
21:02:20.0874 2608  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:02:20.0936 2608  IKEEXT - ok
21:02:20.0967 2608  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:02:20.0983 2608  intelide - ok
21:02:20.0999 2608  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:02:21.0014 2608  intelppm - ok
21:02:21.0061 2608  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:02:21.0108 2608  IPBusEnum - ok
21:02:21.0155 2608  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:21.0202 2608  IpFilterDriver - ok
21:02:21.0249 2608  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:02:21.0311 2608  iphlpsvc - ok
21:02:21.0358 2608  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:02:21.0374 2608  IPMIDRV - ok
21:02:21.0389 2608  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:02:21.0420 2608  IPNAT - ok
21:02:21.0436 2608  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:02:21.0499 2608  IRENUM - ok
21:02:21.0514 2608  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:02:21.0530 2608  isapnp - ok
21:02:21.0577 2608  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:02:21.0592 2608  iScsiPrt - ok
21:02:21.0795 2608  [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi        C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe
21:02:21.0842 2608  jswpsapi ( UnsignedFile.Multi.Generic ) - warning
21:02:21.0842 2608  jswpsapi - detected UnsignedFile.Multi.Generic (1)
21:02:21.0905 2608  [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF        C:\Windows\system32\DRIVERS\jswpslwfx.sys
21:02:21.0952 2608  JSWPSLWF - ok
21:02:21.0983 2608  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:02:21.0999 2608  kbdclass - ok
21:02:22.0030 2608  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:02:22.0077 2608  kbdhid - ok
21:02:22.0092 2608  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:02:22.0108 2608  KeyIso - ok
21:02:22.0155 2608  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:02:22.0155 2608  KSecDD - ok
21:02:22.0217 2608  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:02:22.0233 2608  KSecPkg - ok
21:02:22.0280 2608  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:02:22.0327 2608  ksthunk - ok
21:02:22.0374 2608  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:02:22.0436 2608  KtmRm - ok
21:02:22.0467 2608  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:02:22.0530 2608  LanmanServer - ok
21:02:22.0577 2608  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:02:22.0624 2608  LanmanWorkstation - ok
21:02:22.0655 2608  [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:02:22.0670 2608  lirsgt - ok
21:02:22.0686 2608  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:02:22.0749 2608  lltdio - ok
21:02:22.0795 2608  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:02:22.0842 2608  lltdsvc - ok
21:02:22.0858 2608  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:02:22.0889 2608  lmhosts - ok
21:02:22.0905 2608  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:02:22.0920 2608  LSI_FC - ok
21:02:22.0952 2608  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:02:22.0952 2608  LSI_SAS - ok
21:02:22.0967 2608  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:02:22.0983 2608  LSI_SAS2 - ok
21:02:22.0999 2608  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:02:23.0014 2608  LSI_SCSI - ok
21:02:23.0030 2608  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:02:23.0092 2608  luafv - ok
21:02:23.0124 2608  [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam         C:\Windows\system32\DRIVERS\ManyCam_x64.sys
21:02:23.0139 2608  ManyCam - ok
21:02:23.0202 2608  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:02:23.0249 2608  Mcx2Svc - ok
21:02:23.0264 2608  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:02:23.0280 2608  megasas - ok
21:02:23.0295 2608  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:02:23.0311 2608  MegaSR - ok
21:02:23.0342 2608  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:02:23.0405 2608  MMCSS - ok
21:02:23.0436 2608  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:02:23.0483 2608  Modem - ok
21:02:23.0514 2608  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:02:23.0545 2608  monitor - ok
21:02:23.0577 2608  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:02:23.0592 2608  mouclass - ok
21:02:23.0608 2608  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:02:23.0639 2608  mouhid - ok
21:02:23.0686 2608  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:02:23.0686 2608  mountmgr - ok
21:02:23.0764 2608  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:02:23.0780 2608  MozillaMaintenance - ok
21:02:23.0811 2608  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:02:23.0827 2608  mpio - ok
21:02:23.0842 2608  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:02:23.0905 2608  mpsdrv - ok
21:02:23.0952 2608  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:02:24.0030 2608  MpsSvc - ok
21:02:24.0061 2608  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:02:24.0108 2608  MRxDAV - ok
21:02:24.0139 2608  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:24.0186 2608  mrxsmb - ok
21:02:24.0311 2608  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:24.0452 2608  mrxsmb10 - ok
21:02:24.0530 2608  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:24.0545 2608  mrxsmb20 - ok
21:02:24.0561 2608  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:02:24.0577 2608  msahci - ok
21:02:24.0624 2608  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:02:24.0639 2608  msdsm - ok
21:02:24.0655 2608  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:02:24.0702 2608  MSDTC - ok
21:02:24.0749 2608  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:02:24.0780 2608  Msfs - ok
21:02:24.0795 2608  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:02:24.0842 2608  mshidkmdf - ok
21:02:24.0905 2608  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:02:24.0920 2608  msisadrv - ok
21:02:24.0952 2608  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:02:24.0999 2608  MSiSCSI - ok
21:02:25.0014 2608  msiserver - ok
21:02:25.0030 2608  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:02:25.0092 2608  MSKSSRV - ok
21:02:25.0124 2608  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:25.0170 2608  MSPCLOCK - ok
21:02:25.0202 2608  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:02:25.0264 2608  MSPQM - ok
21:02:25.0311 2608  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:02:25.0327 2608  MsRPC - ok
21:02:25.0358 2608  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:02:25.0374 2608  mssmbios - ok
21:02:25.0389 2608  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:02:25.0452 2608  MSTEE - ok
21:02:25.0467 2608  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:02:25.0499 2608  MTConfig - ok
21:02:25.0514 2608  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:02:25.0530 2608  Mup - ok
21:02:25.0592 2608  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:02:25.0655 2608  napagent - ok
21:02:25.0702 2608  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:02:25.0749 2608  NativeWifiP - ok
21:02:25.0795 2608  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:02:25.0842 2608  NDIS - ok
21:02:25.0858 2608  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:02:25.0905 2608  NdisCap - ok
21:02:25.0936 2608  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:25.0983 2608  NdisTapi - ok
21:02:26.0045 2608  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:26.0077 2608  Ndisuio - ok
21:02:26.0124 2608  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:26.0186 2608  NdisWan - ok
21:02:26.0249 2608  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:02:26.0311 2608  NDProxy - ok
21:02:26.0342 2608  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:02:26.0389 2608  NetBIOS - ok
21:02:26.0483 2608  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:02:26.0530 2608  NetBT - ok
21:02:26.0545 2608  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:02:26.0561 2608  Netlogon - ok
21:02:26.0592 2608  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:02:26.0655 2608  Netman - ok
21:02:26.0702 2608  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:02:26.0764 2608  netprofm - ok
21:02:26.0795 2608  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:02:26.0811 2608  NetTcpPortSharing - ok
21:02:26.0842 2608  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:02:26.0842 2608  nfrd960 - ok
21:02:26.0889 2608  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:02:26.0936 2608  NlaSvc - ok
21:02:26.0967 2608  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:02:26.0999 2608  Npfs - ok
21:02:27.0014 2608  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:02:27.0077 2608  nsi - ok
21:02:27.0108 2608  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:02:27.0170 2608  nsiproxy - ok
21:02:27.0249 2608  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:02:27.0295 2608  Ntfs - ok
21:02:27.0327 2608  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:02:27.0374 2608  Null - ok
21:02:27.0702 2608  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:02:28.0139 2608  nvlddmkm - ok
21:02:28.0186 2608  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:02:28.0202 2608  nvraid - ok
21:02:28.0249 2608  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:02:28.0264 2608  nvstor - ok
21:02:28.0342 2608  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:02:28.0389 2608  nvsvc - ok
21:02:28.0499 2608  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:02:28.0530 2608  nvUpdatusService - ok
21:02:28.0577 2608  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:02:28.0592 2608  nv_agp - ok
21:02:28.0639 2608  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:02:28.0670 2608  ohci1394 - ok
21:02:28.0717 2608  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:02:28.0780 2608  p2pimsvc - ok
21:02:28.0811 2608  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:02:28.0842 2608  p2psvc - ok
21:02:28.0874 2608  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:02:28.0874 2608  Parport - ok
21:02:28.0920 2608  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:02:28.0936 2608  partmgr - ok
21:02:28.0983 2608  [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64      C:\Windows\system32\Drivers\PCAMp50a64.sys
21:02:28.0983 2608  PCAMp50a64 - ok
21:02:29.0030 2608  [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64      C:\Windows\system32\Drivers\PCASp50a64.sys
21:02:29.0045 2608  PCASp50a64 - ok
21:02:29.0077 2608  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:02:29.0124 2608  PcaSvc - ok
21:02:29.0139 2608  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:02:29.0155 2608  pci - ok
21:02:29.0170 2608  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:02:29.0186 2608  pciide - ok
21:02:29.0217 2608  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:02:29.0233 2608  pcmcia - ok
21:02:29.0249 2608  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:02:29.0264 2608  pcw - ok
21:02:29.0295 2608  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:02:29.0358 2608  PEAUTH - ok
21:02:29.0436 2608  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:02:29.0483 2608  PerfHost - ok
21:02:29.0624 2608  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:02:29.0764 2608  pla - ok
21:02:29.0811 2608  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:02:29.0842 2608  PlugPlay - ok
21:02:29.0874 2608  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:02:29.0874 2608  PNRPAutoReg - ok
21:02:29.0905 2608  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:02:29.0920 2608  PNRPsvc - ok
21:02:29.0967 2608  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:02:30.0030 2608  PolicyAgent - ok
21:02:30.0077 2608  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:02:30.0139 2608  Power - ok
21:02:30.0202 2608  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:02:30.0233 2608  PptpMiniport - ok
21:02:30.0264 2608  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:02:30.0295 2608  Processor - ok
21:02:30.0327 2608  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:02:30.0358 2608  ProfSvc - ok
21:02:30.0374 2608  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:02:30.0374 2608  ProtectedStorage - ok
21:02:30.0420 2608  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:02:30.0483 2608  Psched - ok
21:02:30.0545 2608  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
21:02:30.0545 2608  PSI - ok
21:02:30.0608 2608  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:02:30.0655 2608  ql2300 - ok
21:02:30.0686 2608  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:02:30.0686 2608  ql40xx - ok
21:02:30.0717 2608  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:02:30.0764 2608  QWAVE - ok
21:02:30.0795 2608  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:02:30.0827 2608  QWAVEdrv - ok
21:02:30.0858 2608  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:02:30.0920 2608  RasAcd - ok
21:02:30.0952 2608  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:02:30.0983 2608  RasAgileVpn - ok
21:02:30.0999 2608  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:02:31.0061 2608  RasAuto - ok
21:02:31.0139 2608  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:02:31.0186 2608  Rasl2tp - ok
21:02:31.0233 2608  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:02:31.0295 2608  RasMan - ok
21:02:31.0311 2608  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:02:31.0374 2608  RasPppoe - ok
21:02:31.0405 2608  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:02:31.0467 2608  RasSstp - ok
21:02:31.0530 2608  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:02:31.0592 2608  rdbss - ok
21:02:31.0624 2608  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:02:31.0639 2608  rdpbus - ok
21:02:31.0670 2608  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:02:31.0733 2608  RDPCDD - ok
21:02:31.0749 2608  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:02:31.0811 2608  RDPENCDD - ok
21:02:31.0842 2608  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:02:31.0874 2608  RDPREFMP - ok
21:02:31.0920 2608  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:02:31.0967 2608  RDPWD - ok
21:02:32.0030 2608  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:02:32.0045 2608  rdyboost - ok
21:02:32.0077 2608  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:02:32.0124 2608  RemoteAccess - ok
21:02:32.0170 2608  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:02:32.0233 2608  RemoteRegistry - ok
21:02:32.0311 2608  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:02:32.0342 2608  RFCOMM - ok
21:02:32.0358 2608  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:02:32.0420 2608  RpcEptMapper - ok
21:02:32.0436 2608  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:02:32.0467 2608  RpcLocator - ok
21:02:32.0530 2608  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:02:32.0561 2608  RpcSs - ok
21:02:32.0608 2608  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:02:32.0655 2608  rspndr - ok
21:02:32.0733 2608  [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:02:32.0749 2608  RTL8167 - ok
21:02:32.0764 2608  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:02:32.0780 2608  SamSs - ok
21:02:32.0827 2608  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:02:32.0842 2608  sbp2port - ok
21:02:32.0874 2608  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:02:32.0936 2608  SCardSvr - ok
21:02:32.0967 2608  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:02:33.0014 2608  scfilter - ok
21:02:33.0077 2608  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:02:33.0155 2608  Schedule - ok
21:02:33.0186 2608  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:02:33.0217 2608  SCPolicySvc - ok
21:02:33.0264 2608  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:02:33.0327 2608  SDRSVC - ok
21:02:33.0358 2608  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:02:33.0405 2608  secdrv - ok
21:02:33.0436 2608  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:02:33.0483 2608  seclogon - ok
21:02:33.0608 2608  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:02:33.0639 2608  Secunia PSI Agent - ok
21:02:33.0655 2608  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:02:33.0670 2608  Secunia Update Agent - ok
21:02:33.0702 2608  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:02:33.0764 2608  SENS - ok
21:02:33.0795 2608  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:02:33.0827 2608  SensrSvc - ok
21:02:33.0842 2608  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:02:33.0858 2608  Serenum - ok
21:02:33.0889 2608  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:02:33.0920 2608  Serial - ok
21:02:33.0967 2608  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:02:33.0983 2608  sermouse - ok
21:02:34.0045 2608  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:02:34.0092 2608  SessionEnv - ok
21:02:34.0124 2608  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:02:34.0186 2608  sffdisk - ok
21:02:34.0202 2608  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:02:34.0233 2608  sffp_mmc - ok
21:02:34.0264 2608  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:02:34.0295 2608  sffp_sd - ok
21:02:34.0327 2608  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:02:34.0342 2608  sfloppy - ok
21:02:34.0389 2608  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:02:34.0452 2608  SharedAccess - ok
21:02:34.0530 2608  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:02:34.0592 2608  ShellHWDetection - ok
21:02:34.0608 2608  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:02:34.0624 2608  SiSRaid2 - ok
21:02:34.0639 2608  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:02:34.0655 2608  SiSRaid4 - ok
21:02:34.0733 2608  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:02:34.0749 2608  SkypeUpdate - ok
21:02:34.0764 2608  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:02:34.0811 2608  Smb - ok
21:02:34.0905 2608  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:02:34.0936 2608  SNMPTRAP - ok
21:02:35.0233 2608  [ 37D91C6385BB1104D67925FC43800ED0 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
21:02:35.0577 2608  SNPSTD3 - ok
21:02:35.0608 2608  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:02:35.0624 2608  spldr - ok
21:02:35.0686 2608  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:02:35.0733 2608  Spooler - ok
21:02:35.0858 2608  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:02:35.0983 2608  sppsvc - ok
21:02:36.0045 2608  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:02:36.0092 2608  sppuinotify - ok
21:02:36.0155 2608  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:02:36.0202 2608  srv - ok
21:02:36.0233 2608  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:02:36.0280 2608  srv2 - ok
21:02:36.0311 2608  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:02:36.0342 2608  srvnet - ok
21:02:36.0374 2608  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:02:36.0436 2608  SSDPSRV - ok
21:02:36.0483 2608  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:02:36.0514 2608  SstpSvc - ok
21:02:36.0545 2608  Steam Client Service - ok
21:02:36.0639 2608  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:02:36.0655 2608  Stereo Service - ok
21:02:36.0702 2608  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:02:36.0717 2608  stexstor - ok
21:02:36.0764 2608  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:02:36.0795 2608  stisvc - ok
21:02:36.0842 2608  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:02:36.0858 2608  swenum - ok
21:02:36.0874 2608  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:02:36.0936 2608  swprv - ok
21:02:37.0014 2608  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:02:37.0092 2608  SysMain - ok
21:02:37.0124 2608  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:02:37.0170 2608  TabletInputService - ok
21:02:37.0202 2608  [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
21:02:37.0249 2608  tap0901 - ok
21:02:37.0295 2608  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:02:37.0358 2608  TapiSrv - ok
21:02:37.0405 2608  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:02:37.0452 2608  TBS - ok
21:02:37.0561 2608  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:02:37.0608 2608  Tcpip - ok
21:02:37.0655 2608  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:02:37.0686 2608  TCPIP6 - ok
21:02:37.0733 2608  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:02:37.0764 2608  tcpipreg - ok
21:02:37.0795 2608  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:02:37.0842 2608  TDPIPE - ok
21:02:37.0874 2608  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:02:37.0905 2608  TDTCP - ok
21:02:37.0967 2608  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:02:38.0030 2608  tdx - ok
21:02:38.0061 2608  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:02:38.0077 2608  TermDD - ok
21:02:38.0139 2608  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:02:38.0202 2608  TermService - ok
21:02:38.0233 2608  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:02:38.0280 2608  Themes - ok
21:02:38.0311 2608  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:02:38.0342 2608  THREADORDER - ok
21:02:38.0358 2608  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:02:38.0420 2608  TrkWks - ok
21:02:38.0499 2608  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:02:38.0545 2608  TrustedInstaller - ok
21:02:38.0577 2608  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:02:38.0624 2608  tssecsrv - ok
21:02:38.0670 2608  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:02:38.0733 2608  TsUsbFlt - ok
21:02:38.0780 2608  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:02:38.0842 2608  tunnel - ok
21:02:38.0874 2608  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:02:38.0889 2608  uagp35 - ok
21:02:38.0936 2608  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:02:38.0983 2608  udfs - ok
21:02:39.0014 2608  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:02:39.0045 2608  UI0Detect - ok
21:02:39.0077 2608  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:02:39.0077 2608  uliagpkx - ok
21:02:39.0124 2608  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:02:39.0155 2608  umbus - ok
21:02:39.0186 2608  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:02:39.0186 2608  UmPass - ok
21:02:39.0233 2608  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:02:39.0295 2608  upnphost - ok
21:02:39.0342 2608  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:02:39.0358 2608  usbaudio - ok
21:02:39.0405 2608  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:02:39.0467 2608  usbccgp - ok
21:02:39.0530 2608  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:02:39.0545 2608  usbcir - ok
21:02:39.0592 2608  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:02:39.0592 2608  usbehci - ok
21:02:39.0639 2608  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:02:39.0670 2608  usbhub - ok
21:02:39.0702 2608  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:02:39.0733 2608  usbohci - ok
21:02:39.0764 2608  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:02:39.0795 2608  usbprint - ok
21:02:39.0827 2608  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:02:39.0874 2608  USBSTOR - ok
21:02:39.0936 2608  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:02:40.0014 2608  usbuhci - ok
21:02:40.0077 2608  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:02:40.0139 2608  UxSms - ok
21:02:40.0249 2608  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:02:40.0264 2608  VaultSvc - ok
21:02:40.0295 2608  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:02:40.0311 2608  vdrvroot - ok
21:02:40.0358 2608  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:02:40.0405 2608  vds - ok
21:02:40.0420 2608  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:02:40.0452 2608  vga - ok
21:02:40.0483 2608  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:02:40.0545 2608  VgaSave - ok
21:02:40.0577 2608  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:02:40.0592 2608  vhdmp - ok
21:02:40.0639 2608  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:02:40.0655 2608  viaide - ok
21:02:40.0670 2608  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:02:40.0686 2608  volmgr - ok
21:02:40.0749 2608  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:02:40.0780 2608  volmgrx - ok
21:02:40.0795 2608  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:02:40.0811 2608  volsnap - ok
21:02:40.0905 2608  [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
21:02:40.0920 2608  vpnagent - ok
21:02:40.0983 2608  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
21:02:40.0983 2608  vpnva - ok
21:02:41.0014 2608  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:02:41.0030 2608  vsmraid - ok
21:02:41.0108 2608  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:02:41.0186 2608  VSS - ok
21:02:41.0217 2608  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:02:41.0249 2608  vwifibus - ok
21:02:41.0295 2608  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:02:41.0311 2608  vwififlt - ok
21:02:41.0342 2608  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:02:41.0358 2608  vwifimp - ok
21:02:41.0389 2608  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:02:41.0436 2608  W32Time - ok
21:02:41.0452 2608  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:02:41.0483 2608  WacomPen - ok
21:02:41.0514 2608  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:02:41.0577 2608  WANARP - ok
21:02:41.0608 2608  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:02:41.0639 2608  Wanarpv6 - ok
21:02:41.0655 2608  wanatw - ok
21:02:41.0749 2608  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:02:41.0795 2608  wbengine - ok
21:02:41.0827 2608  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:02:41.0842 2608  WbioSrvc - ok
21:02:41.0889 2608  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:02:41.0920 2608  wcncsvc - ok
21:02:41.0936 2608  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:02:41.0952 2608  WcsPlugInService - ok
21:02:41.0967 2608  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:02:41.0967 2608  Wd - ok
21:02:42.0030 2608  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:02:42.0061 2608  Wdf01000 - ok
21:02:42.0077 2608  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:02:42.0170 2608  WdiServiceHost - ok
21:02:42.0186 2608  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:02:42.0202 2608  WdiSystemHost - ok
21:02:42.0264 2608  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:02:42.0295 2608  WebClient - ok
21:02:42.0327 2608  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:02:42.0389 2608  Wecsvc - ok
21:02:42.0405 2608  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:02:42.0467 2608  wercplsupport - ok
21:02:42.0514 2608  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:02:42.0561 2608  WerSvc - ok
21:02:42.0577 2608  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:02:42.0624 2608  WfpLwf - ok
21:02:42.0639 2608  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:02:42.0639 2608  WIMMount - ok
21:02:42.0655 2608  WinDefend - ok
21:02:42.0670 2608  WinHttpAutoProxySvc - ok
21:02:42.0717 2608  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:02:42.0780 2608  Winmgmt - ok
21:02:42.0874 2608  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:02:42.0936 2608  WinRM - ok
21:02:42.0999 2608  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:02:43.0045 2608  WinUsb - ok
21:02:43.0108 2608  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:02:43.0155 2608  Wlansvc - ok
21:02:43.0295 2608  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:02:43.0358 2608  wlidsvc - ok
21:02:43.0420 2608  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:02:43.0452 2608  WmiAcpi - ok
21:02:43.0483 2608  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:02:43.0530 2608  wmiApSrv - ok
21:02:43.0545 2608  WMPNetworkSvc - ok
21:02:43.0592 2608  [ B5A32905B0C2E676AB5432AE1028E847 ] WN111v2         C:\Windows\system32\DRIVERS\WN111v2x.sys
21:02:43.0686 2608  WN111v2 ( UnsignedFile.Multi.Generic ) - warning
21:02:43.0686 2608  WN111v2 - detected UnsignedFile.Multi.Generic (1)
21:02:43.0764 2608  [ B972C12DE88299E78F6656A31046DD99 ] WNDA3100        C:\Windows\system32\DRIVERS\WNDA31w7x.sys
21:02:43.0827 2608  WNDA3100 - ok
21:02:43.0858 2608  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:02:43.0874 2608  WPCSvc - ok
21:02:43.0920 2608  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:02:43.0936 2608  WPDBusEnum - ok
21:02:43.0967 2608  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:02:44.0030 2608  ws2ifsl - ok
21:02:44.0045 2608  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:02:44.0092 2608  wscsvc - ok
21:02:44.0092 2608  WSearch - ok
21:02:44.0202 2608  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:02:44.0264 2608  wuauserv - ok
21:02:44.0327 2608  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:02:44.0374 2608  WudfPf - ok
21:02:44.0389 2608  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:02:44.0405 2608  WUDFRd - ok
21:02:44.0452 2608  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:02:44.0483 2608  wudfsvc - ok
21:02:44.0530 2608  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:02:44.0592 2608  WwanSvc - ok
21:02:44.0686 2608  ================ Scan global ===============================
21:02:44.0733 2608  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:02:44.0780 2608  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:02:44.0795 2608  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:02:44.0827 2608  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:02:44.0858 2608  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:02:44.0874 2608  [Global] - ok
21:02:44.0874 2608  ================ Scan MBR ==================================
21:02:44.0874 2608  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:02:45.0139 2608  \Device\Harddisk1\DR1 - ok
21:02:45.0170 2608  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:02:46.0311 2608  \Device\Harddisk0\DR0 - ok
21:02:46.0311 2608  ================ Scan VBR ==================================
21:02:46.0327 2608  [ DD1BF1320ED4B47B365FB2BF0EDB415F ] \Device\Harddisk1\DR1\Partition1
21:02:46.0327 2608  \Device\Harddisk1\DR1\Partition1 - ok
21:02:46.0327 2608  [ 057F9DF218CCC1F695E514C78962A820 ] \Device\Harddisk0\DR0\Partition1
21:02:46.0327 2608  \Device\Harddisk0\DR0\Partition1 - ok
21:02:46.0327 2608  ============================================================
21:02:46.0327 2608  Scan finished
21:02:46.0327 2608  ============================================================
21:02:46.0342 0280  Detected object count: 2
21:02:46.0342 0280  Actual detected object count: 2
21:02:58.0561 0280  jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:58.0561 0280  jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:58.0561 0280  WN111v2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:58.0561 0280  WN111v2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 20.11.2012, 21:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Leftovers are leftovers.
A false positive means that a completely harmless/legitimate file is "detected" by the virus scanner as malware. But when malware that is still sitting in a quarantine is detected, that is logically correct and not false.


Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
Please always post logfiles in CODE tags

Alt 20.11.2012, 22:14   #5
netnocheiner
 

Quote:
Quote from cosinus
Leftovers are leftovers.
A false positive means that a completely harmless/legitimate file is "detected" by the virus scanner as malware. But when malware that is still sitting in a quarantine is detected, that is logically correct and not false.
A matter of opinion. :P I just want to see everything that could scare me, and if I see something even though it shouldn't scare me, it's a 'false' positive for me.

Here is the OTL report (I forgot to shut down Antivir, but there was nothing about that in your post; if there were problems, just say so):

Code:
ATTFilter
OTL logfile created on: 20.11.2012 21:36:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,03% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 29,23 Gb Free Space | 19,61% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 71,53 Gb Free Space | 96,00% Space Free | Partition Type: NTFS
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.01.21 13:25:34 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2009.09.21 16:56:32 | 001,736,704 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.27 16:20:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.09 16:14:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.17 16:02:30 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.17 18:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.10 12:07:45 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.15 13:00:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.15 13:00:42 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.21 12:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WNDA31w7x.sys -- (WNDA3100)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.13 09:30:00 | 000,560,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2x.sys -- (WN111v2)
DRV:64bit: - [2008.10.01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 5D CE 40 DC C5 CD 01  [binary data]
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 204.93.211.219:80
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.http: "81.27.79.181"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:20:18 | 000,000,000 | ---D | M]
 
[2011.05.15 10:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2012.10.23 20:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions
[2012.09.25 00:10:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de
[2012.03.29 21:35:13 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.26 00:01:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.22 20:51:14 | 000,001,182 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\acronym-finder.xml
[2011.08.12 12:45:14 | 000,002,571 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\amazon-search-suggestions.xml
[2011.07.30 00:11:19 | 000,002,251 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dc-database-en.xml
[2011.05.31 21:25:04 | 000,002,321 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dictcc.xml
[2011.12.04 21:09:35 | 000,002,279 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\elder-scrolls-en.xml
[2011.08.14 17:36:23 | 000,001,660 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\leo-deu-eng.xml
[2011.07.30 00:11:09 | 000,002,262 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\marvel-database-en.xml
[2011.07.15 02:28:43 | 000,002,322 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\openthesaurus.xml
[2011.11.18 16:37:29 | 000,001,597 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\the-pirate-bay.xml
[2011.11.06 12:39:53 | 000,001,218 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\uespwiki-en.xml
[2011.05.31 21:24:58 | 000,002,006 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\urban-dictionary.xml
[2011.05.16 18:51:19 | 000,001,330 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wikipedia-en.xml
[2012.03.18 22:11:17 | 000,001,997 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wolframalpha.xml
[2011.12.10 02:02:33 | 000,002,057 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\youtube-videosuche.xml
[2012.10.27 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.27 16:20:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 16:20:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 12:50:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:04:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 12:50:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 12:50:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 12:50:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 12:50:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.11 23:34:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Duyci] C:\Users\Max\AppData\Roaming\Wiyvvo\iqzy.exe (Compagnia ? quale Compagnia?)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Feipsa] C:\Users\Max\AppData\Roaming\Osuhy\neve.exe (Compagnia ? quale Compagnia?)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Fyagweo] C:\Users\Max\AppData\Roaming\Owysne\voag.exe (Compagnia ? quale Compagnia?)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:64bit: - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000 WinNT: Load - (C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd) - C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd (Compagnia ? quale Compagnia?)
F3 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000 WinNT: Load - (C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd) - C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd (Compagnia ? quale Compagnia?)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1E5EB5F-F821-46DC-A7F2-FFC51F45EA77}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpReg: nMdQvhGrqSMKfoq.exe - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 21:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:16:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:14:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Uni
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Xoux
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Lioby
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Ciowd
[2012.11.19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{319151FB-D44F-4963-BBFE-F447B76F7028}
[2012.11.18 23:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.11.18 15:49:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CF9C6E5A-6805-4E30-80C2-FBA789A66888}
[2012.11.18 03:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.11.18 02:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Local Settings
[2012.11.17 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E30551CE-C126-4FE2-8EF4-B78B8E67D9C1}
[2012.11.17 02:38:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39CC731D-E6F2-4043-A189-126C183D05F7}
[2012.11.16 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{393E2046-49FA-4435-B953-545C5CD9BC6E}
[2012.11.15 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AAAB3978-2FB7-4010-B8FF-F96DF703CB67}
[2012.11.14 21:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.11.14 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HorizonWimba
[2012.11.14 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{132CF4EB-668D-4CEC-AF72-9280A301C40B}
[2012.11.13 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD7D94D8-7EDA-4102-B301-8A4CA81A7869}
[2012.11.13 02:38:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ADF65CF9-C573-4918-B21C-C986B9FF50BE}
[2012.11.12 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5B05614E-C789-46F8-AB79-4E512626C558}
[2012.11.11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67E568EB-F635-4EA2-99BB-179A1D74E326}
[2012.11.10 14:41:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{170F3778-958A-4CE9-A661-7EBF167B838D}
[2012.11.09 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{19AFFE43-CCCB-4BF9-84D6-72D69242F8D4}
[2012.11.09 04:17:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3CE167C9-8B04-4CD0-BC22-F8FBBC69CB0A}
[2012.11.08 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6AF193CC-2276-4233-9EB5-0556FC14DC41}
[2012.11.07 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FC0AC3C4-50F1-4675-9D98-05F305973D86}
[2012.11.06 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5725FC92-6474-40FB-98FB-59695D715A82}
[2012.11.05 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BC8DD572-3ED7-474A-8491-F059BB0B3AB0}
[2012.11.04 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82F022E1-189B-4C17-8339-0E73EDF023A3}
[2012.11.04 03:08:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3156638E-AB14-4D47-A472-73543CDB1035}
[2012.11.03 15:08:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6FEADE73-6CC7-48E4-B563-C8C04B3A12C2}
[2012.11.02 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9007DA8B-C8F5-4C8E-A654-7E025E5D5CD9}
[2012.11.01 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D80794D0-D0BF-46D6-B0EF-26B301045328}
[2012.10.31 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CB602A12-4D47-4D31-9C9C-27901E9C9F6C}
[2012.10.30 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE07DC95-4A65-4733-A630-84E9BB061675}
[2012.10.29 17:20:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F4F82240-FDB0-4058-B07B-2DB65F7DFEAB}
[2012.10.28 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46D8015-BBCA-46D7-BC43-0D7E47229EF1}
[2012.10.28 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{149BE589-BD71-47ED-AF1C-16EDAD357724}
[2012.10.27 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7F26638A-FCCE-4958-942A-958B1E22CD82}
[2012.10.26 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B9A3AF11-591B-49CE-B89A-DBB18A79BEFA}
[2012.10.25 15:45:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A8DF5CD7-B4EB-4871-B098-C2003D13E6EC}
[2012.10.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DEFA80BC-9DE2-4287-B264-8CBD8F27A968}
[2012.10.23 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5391A965-1368-44D7-BA15-57D455D6B735}
[2012.10.22 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B7FCCA5-0E30-4A8F-8AF1-637538EA5E40}
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 21:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 20:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.20 20:16:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:15:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 19:53:29 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.20 19:41:33 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 19:41:33 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 19:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 19:33:43 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 23:37:17 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.18 23:37:17 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.18 23:37:17 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.18 23:37:17 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.18 23:37:17 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.18 15:22:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 14:36:47 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.12 19:44:33 | 002,257,761 | ---- | M] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:40:56 | 002,143,760 | ---- | M] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:40:53 | 002,300,647 | ---- | M] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:40:47 | 002,245,507 | ---- | M] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:40:44 | 002,319,717 | ---- | M] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:40:42 | 002,313,252 | ---- | M] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:40:38 | 002,324,608 | ---- | M] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:40:37 | 002,311,649 | ---- | M] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:40:35 | 002,328,168 | ---- | M] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:40:33 | 002,290,808 | ---- | M] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:40:31 | 002,263,260 | ---- | M] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:40:28 | 002,190,795 | ---- | M] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:40:25 | 002,272,992 | ---- | M] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | M] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:08:27 | 003,764,050 | ---- | M] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:07:32 | 003,375,268 | ---- | M] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:06:42 | 003,307,656 | ---- | M] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:50 | 002,728,989 | ---- | M] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:05:08 | 003,267,684 | ---- | M] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:04:09 | 003,799,515 | ---- | M] () -- C:\Users\Max\Documents\20121022_151702.jpg
 
========== Files Created - No Company Name ==========
 
[2012.11.20 20:59:35 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.18 23:46:16 | 000,001,392 | ---- | C] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.17 03:11:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 03:01:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 19:26:28 | 002,143,760 | ---- | C] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:25:51 | 002,300,647 | ---- | C] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:25:15 | 002,245,507 | ---- | C] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:24:38 | 002,319,717 | ---- | C] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:24:01 | 002,313,252 | ---- | C] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:23:26 | 002,257,761 | ---- | C] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:22:46 | 002,324,608 | ---- | C] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:22:07 | 002,311,649 | ---- | C] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:21:28 | 002,328,168 | ---- | C] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:20:49 | 002,290,808 | ---- | C] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:20:07 | 002,263,260 | ---- | C] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:19:25 | 002,190,795 | ---- | C] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:18:44 | 002,272,992 | ---- | C] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | C] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:07:33 | 003,764,050 | ---- | C] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:06:44 | 003,375,268 | ---- | C] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:05:52 | 003,307,656 | ---- | C] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:10 | 002,728,989 | ---- | C] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:04:11 | 003,267,684 | ---- | C] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:03:06 | 003,799,515 | ---- | C] () -- C:\Users\Max\Documents\20121022_151702.jpg
[2011.11.10 19:45:57 | 001,420,616 | ---- | C] () -- C:\Users\Max\2011-11-10 19.25.22.jpg
[2011.11.10 19:45:38 | 001,638,144 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.16.jpg
[2011.11.10 19:45:22 | 001,443,464 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.30.jpg
[2011.11.10 19:45:03 | 001,601,281 | ---- | C] () -- C:\Users\Max\2011-11-10 19.35.52.jpg
[2011.11.10 19:44:42 | 001,647,716 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.26.jpg
[2011.11.10 19:44:25 | 001,505,606 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.03.jpg
[2011.11.10 19:44:09 | 001,392,730 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.00.jpg
[2011.11.10 19:43:52 | 001,430,322 | ---- | C] () -- C:\Users\Max\2011-11-10 19.38.21.jpg
[2011.11.10 19:43:32 | 001,545,600 | ---- | C] () -- C:\Users\Max\2011-11-10 19.39.40.jpg
[2011.11.10 19:43:15 | 001,503,448 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.32.jpg
[2011.10.23 20:24:27 | 001,390,133 | ---- | C] () -- C:\Users\Max\2011-10-23 19.54.31.jpg
[2011.07.01 20:56:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.15 19:02:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.15 18:25:41 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.15 09:39:17 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2012.02.15 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft
[2012.11.18 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ciowd
[2011.11.10 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2012.09.23 00:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft
[2012.11.19 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2011.11.12 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ivacy
[2012.11.19 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Lioby
[2011.11.13 00:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam
[2011.09.11 02:43:24 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MOVAVI
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.08.10 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\uTorrent
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Xoux
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.12 02:16:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.09.08 21:05:00 | 000,000,000 | ---D | M] -- C:\ac51d54726d99835f64d333096
[2012.01.24 11:11:06 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.14 23:28:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.26 03:01:02 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.01.24 12:13:32 | 000,000,000 | ---D | M] -- C:\old
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.10 16:13:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.19 18:35:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.11.18 23:48:43 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.05.14 23:28:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.14 23:28:38 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.20 21:38:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.11 20:24:32 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012.11.18 03:05:23 | 000,000,000 | ---D | M] -- C:\Temp
[2012.11.18 03:07:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.18 15:18:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.15 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft
[2011.09.08 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Adobe
[2012.11.18 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.08.02 22:38:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Avira
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ciowd
[2011.11.10 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2012.01.02 02:30:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\dvdcss
[2012.09.23 00:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft
[2012.11.19 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2011.05.14 23:28:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Identities
[2011.11.12 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ivacy
[2012.11.19 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Lioby
[2011.09.08 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Macromedia
[2012.01.26 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.11.13 00:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Media Center Programs
[2012.09.23 00:54:18 | 000,000,000 | --SD | M] -- C:\Users\Max\AppData\Roaming\Microsoft
[2011.09.11 02:43:24 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MOVAVI
[2011.09.08 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Mozilla
[2011.09.11 02:43:26 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\NVIDIA
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.10.02 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Skype
[2012.08.13 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\SUPERAntiSpyware.com
[2012.08.10 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\uTorrent
[2011.09.08 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\vlc
[2011.05.26 23:34:12 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\WinRAR
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Xoux
 
< %APPDATA%\*.exe /s >
[2011.08.12 16:34:17 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Osuhy\neve.exe
[2011.07.05 21:50:37 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Owysne\voag.exe
[2011.11.05 20:11:16 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Wiyvvo\iqzy.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         
EDIT:

Extras.txt:
Code:
OTL Extras logfile created on: 20.11.2012 21:36:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,03% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 29,23 Gb Free Space | 19,61% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 71,53 Gb Free Space | 96,00% Space Free | Partition Type: NTFS
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0177D670-E4D9-4A7A-B870-EAC553575309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05DC2BF6-3723-40D4-9C4D-5DBD110F9B9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0CE4F14A-BC99-4580-BACC-82318E301000}" = rport=137 | protocol=17 | dir=out | app=system | 
"{181034E0-4BE3-49BE-AA2F-3163D6B8A651}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B095E7D-C682-4AFD-9067-E77F958CDC44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1C976136-78BF-4ECE-8259-8E1B7160AB8A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2D058946-38EF-4515-A028-8911F93E2F62}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{43467CDE-8F8F-480B-8EC6-22BAFEA4985B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5349EA37-9515-4348-9050-1C4C5337C911}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5F8745CF-D48D-4F35-971C-589B6907E0A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6491C8E1-B504-4735-B470-E80DFA928DA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6E94BF30-7840-4AF3-8DEC-7FBC00C19C4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74B58830-9741-4B60-B40D-F0B3BF22FBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8629DAD6-3E8C-4DB2-8C50-41C7730F4EEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A3173C1D-BA58-497D-940D-2BCAC49ABCCC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A4F42316-2B53-41F2-9597-4736A9BB8EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A51B2A82-446B-4191-A5D4-C6C06E421371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4F7EBA3-3FF9-4E44-89BE-C651EE14D991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B9D8AB71-69E9-4E18-A7BE-D1AB252A4BCC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C46867F0-BFDB-4987-B355-4BBB10501C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E9A633DE-7ED5-413E-ADA0-030F75E8B2C7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF09DFDA-D6A6-49BF-9F59-89BA8B91A160}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F219B2FC-46BB-445D-9EAB-587AE787D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F34D3336-FC92-42AE-ADB6-7D09CC11120E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073B7B8B-020E-4FD1-918B-D5725E40E05D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{07B7B033-AB77-4BE2-8525-EF0CB03198A2}" = protocol=6 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | 
"{0E910F8D-EACD-45D3-99CA-CB8DBBEC0E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | 
"{0EFD04A2-AB2D-4144-9E66-6CED9E24CEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | 
"{187B97F5-8B57-43A9-BE97-A5F4C582FF25}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | 
"{1DA0A801-8DE5-4977-868E-322B53367CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{2169D3B2-F6AB-4844-90D9-7CE8C1FC96B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{23130B23-D7F9-45B3-BB20-75BEAFD82109}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{24D31768-3DA7-47AB-B7AF-3D4E655E1882}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | 
"{2A3B1587-1F97-4BD2-99B9-7811C28C8CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{2B1C0897-2201-4C96-998E-A80F8A7E1A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{2C89A31E-FFD9-4B00-9871-D436462B4189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{2FC55DBD-4B33-476D-9017-87B1D1CBC000}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2FFB1E25-A2DC-4280-A702-A182706CA9D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{37B20030-47D9-460C-BA24-CCD0260D439E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{3E8025DD-4CEE-4544-8E08-5352101306D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{3F6A6C6A-A5F9-4896-953B-90837065C1DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4457FCCE-A4D9-4407-8D57-A06B0DADFDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | 
"{47BB0751-055F-40E7-A42A-F4A0EF06ECD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5CB4A015-3FA8-41CE-B808-AA72860DA7AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F4E49D7-0FE9-434C-97B9-6A476451D3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{601C4F1B-5FB4-48B0-B24D-DF36863484D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{6523FAEB-7A50-4BF9-9227-51612F175677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{68AA2909-0A75-4531-BB0C-2CBFC3955336}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | 
"{6AD00153-E7A8-467D-AF1C-66E2F9845F86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{6BD401E7-ED98-4C9B-B588-ABB880E86446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | 
"{90AF58B7-2DBD-48CE-ABE7-5DBC9F8B48E4}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | 
"{979F8844-E07D-4568-AAF3-9C8E1B735C32}" = protocol=17 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | 
"{9BD64D6E-E536-4446-8202-4CBA2A7A4CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{9E590996-1D6C-40AC-81BD-EBF823C66C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{A1280294-1BB8-4BBB-A918-BCE650E23E93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1DA823C-6298-43DD-BCF0-53061D8D12BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | 
"{B361C90F-963C-4472-8D71-7741CAE3D38C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{B3B4A880-4DFF-499E-9A25-F25DFBB6BFCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{B4C3E8AF-04AF-4933-8015-819DDD59C0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B7D978F5-71DC-43D4-BE45-9143E3A53F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{BC207B56-91C4-479E-A94B-B43F440C3663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{C26F3EF6-CAB1-4556-B224-65451CD0AFFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | 
"{C368BE99-E412-4ADC-8A3D-F43D41A03CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{C4C4F6E2-615F-498F-B955-A2B025FC7836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6ECB584-1149-4CF1-AA5C-87160E545F1C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{C7F625FF-8556-4474-BCD5-FEE40F4E260C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CA1C27B7-1962-4F2B-8EB3-DC55EC3CA898}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CC9B3F42-576D-438F-B63D-159EE92E4FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{CD9DE40F-95C0-4E5F-B49D-27557C9E1AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{DB4DFADD-9CE2-4301-BF8B-1DC5A62DBE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{E0DA42C7-F41F-4C14-9617-E37A251A2CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{E511BE4A-A801-4B33-BE94-F00E83662127}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{EDCBD489-961A-4412-8C19-FEBD81ABB813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{F256AE38-4CC6-45DE-BCE0-0F4C4B16D0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{FCEED16B-87FF-4CCB-A1CA-F1AFACC7828F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{FDDBD0A5-F48C-4BB9-90B4-8A6309AC3B64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{181E4DDE-C6B7-40F3-8E9E-6875F8A2CC5F}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{1848F742-8B70-4F05-8667-6A569046646C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{218E7C6A-A342-414C-9B43-175B600E8F4A}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"TCP Query User{22B563AA-B372-40DC-8659-7FA95DB8ECF5}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"TCP Query User{593462F0-1DFA-440C-B55A-C8319ABCBF23}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{7616EBA7-F3C1-48EB-A215-8220203F2A8B}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{7F4D0631-4843-4C15-8476-213F3EBBDD5C}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"TCP Query User{8A3C2A82-0BA6-4451-9268-2D10FF798286}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"TCP Query User{9A404F08-2CEE-445C-A378-678C2F763257}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{9F6F20A4-2E7B-4174-838B-BC79BF040C12}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"TCP Query User{A4219D3D-EACA-4490-BE3C-2C5F47879F16}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | 
"TCP Query User{D9C7370E-7FB3-4458-96ED-2C80576D40C5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0862FF82-6D83-4B5D-8156-C953446DC14B}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"UDP Query User{0B535A95-436C-412F-B9DA-04A0208C2420}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{2C990DF5-049A-4C94-B1F1-3AC365B512B1}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"UDP Query User{4DCF87B2-5615-4B1C-95B9-8318B39155C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{5AE2CDE6-372C-4F0E-BD0D-F9AF29E6AD7C}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"UDP Query User{67869E89-9642-444D-ABF0-766E6A46F9A5}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{6D45A719-6E60-4FC8-9BDB-78F072D5B464}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"UDP Query User{762B0221-788D-4BAF-B4C9-C2DA181BC296}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | 
"UDP Query User{81F5D7C9-6A18-4562-A7BF-FD7D24220EAB}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{A0AF255C-EC18-4332-B847-1667055720FA}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"UDP Query User{AFA3C7EE-6F00-4DCB-9CB5-421C39EB8751}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{F26FF8F3-40AF-47E0-A3A3-3387EE1ADCB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1" = Running with rifles Demo version 0.4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deus Ex" = Deus Ex
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"IrfanView" = IrfanView (remove only)
"JFK Reloaded" = JFK Reloaded 1.1
"KainUninstallKey" = Legacy of Kain
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.55 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Octodad" = Octodad
"OpenAL" = OpenAL
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Steam App 10" = Counter-Strike
"Steam App 130" = Half-Life: Blue Shift
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 50" = Half-Life: Opposing Force
"Steam App 70" = Half-Life
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 18.11.2012 14:54:29 | Computer Name = Max-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e58    Startzeit: 
01cdc5a9061ccef1    Endzeit: 235    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 20.11.2012 09:50:24 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Max\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp
Line:
 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201
Invoked
 Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151
Invoked
 Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 
5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp
Line:
 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201
Invoked
 Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151
Invoked
 Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 
5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ Media Center Events ]
Error - 06.09.2011 15:38:40 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 06.09.2011 15:39:00 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 06.09.2011 15:39:13 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
[ System Events ]
Error - 15.09.2012 16:55:48 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?09.?2012 um 22:53:44 unerwartet heruntergefahren.
 
Error - 15.09.2012 16:56:04 | Computer Name = MAX-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 02.10.2012 15:59:41 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.0.107  registriert werden. Der Computer mit IP-Adresse 192.168.0.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 10.10.2012 17:02:00 | Computer Name = Max-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 10.10.2012 17:24:52 | Computer Name = Max-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.10.2012 08:41:44 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.139.124.0)
 
Error - 28.10.2012 09:51:14 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.0.101  registriert werden. Der Computer mit IP-Adresse 192.168.0.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.11.2012 09:00:03 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.126  registriert werden. Der Computer mit IP-Adresse 192.168.1.124
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.11.2012 14:17:34 | Computer Name = Max-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (18:e2:c2:3f:ac:2f) ist fehlgeschlagen.
 
Error - 16.11.2012 22:33:20 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%6704
 
 
< End of report >
         


21.11.2012, 11:05   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Matter of opinion. :P
A false positive is not a matter of opinion.
If, for example, a completely legitimate and essential system file is flagged because of an error in the signatures, there are no two opinions about it; the file could not be harmful in any way just because a virus scanner claims so through its false alarm.

Edit: Please create a log with CF:


ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

21.11.2012, 15:34   #7
netnocheiner
 



Before I continue, a brief aside:

Just now AntiVir gave me a warning that I have malware (somewhere under AppData/Roaming/...)

I then had it "checked" and this is what came out:
Object      Detection               Action
neve.exe    TR/Injector.332800.2    Move to quarantine
iqzy.exe    TR/Injector.332800.2    Move to quarantine

I clicked on execute and the things were moved to quarantine.
I'll edit the post in a moment and paste in the CF log; I think a simple log won't make anything worse..?

EDIT: I just saw that you are online, so I'll wait until I get the O.K.

21.11.2012, 16:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, just continue with CF
__________________
Please always post log files in CODE tags

21.11.2012, 17:15   #9
netnocheiner
 



I moved the mouse once, very briefly and only minimally, to end standby mode.

Code:
ComboFix 12-11-21.01 - Max 21.11.2012  16:52:43.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.1204 [GMT 1:00]
ausgeführt von:: c:\users\Max\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\Ciowd
c:\users\Max\AppData\Roaming\Ciowd\ubeh.ohy
c:\users\Max\AppData\Roaming\Owysne
c:\users\Max\AppData\Roaming\Owysne\voag.exe
c:\users\Max\AppData\Roaming\Xoux
c:\users\Max\AppData\Roaming\Xoux\atfoo.qua
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-21 bis 2012-11-21  ))))))))))))))))))))))))))))))
.
.
2012-11-21 16:10 . 2012-11-21 16:10	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\offreg.dll
2012-11-20 13:46 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\mpengine.dll
2012-11-19 22:13 . 2012-11-19 22:14	--------	d-----w-	c:\users\Max\AppData\Roaming\Lioby
2012-11-19 19:12 . 2012-11-21 14:29	--------	d-----w-	c:\users\Max\AppData\Roaming\Fygee
2012-11-19 19:12 . 2012-11-21 14:28	--------	d-----w-	c:\users\Max\AppData\Roaming\Osuhy
2012-11-18 22:48 . 2012-11-18 22:48	--------	d-----w-	c:\programdata\Ricoh
2012-11-18 22:48 . 2012-02-13 11:08	58368	----a-w-	c:\windows\system32\Spool\prtprocs\x64\EUDMPP64.DLL
2012-11-18 18:38 . 2012-11-21 14:29	--------	d-----w-	c:\users\Max\AppData\Roaming\Wiyvvo
2012-11-18 18:38 . 2012-11-18 18:38	--------	d-----w-	c:\users\Max\AppData\Roaming\Asnya
2012-11-18 18:38 . 2012-11-18 18:38	--------	d-----w-	c:\users\Max\AppData\Roaming\Ibxyyr
2012-11-18 02:07 . 2012-11-18 02:07	--------	d-----w-	c:\users\UpdatusUser
2012-11-18 02:07 . 2012-11-18 02:07	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-11-18 02:06 . 2012-10-02 19:50	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-11-17 02:11 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 02:11 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:11 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:11 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 02:01 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 02:01 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:01 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:01 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 02:01 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 02:01 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 02:01 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 16:32 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 16:32 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 17:33 . 2012-11-14 17:33	--------	d-----w-	c:\users\Max\AppData\Local\HorizonWimba
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 02:02 . 2011-05-17 19:53	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-10-17 17:30 . 2012-10-17 17:30	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:11 . 2012-10-17 17:11	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 03:38	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2010-07-10 03:38	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-06-04 10:28	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:14 . 2011-05-15 10:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 19:51 . 2010-07-09 14:27	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 14:27	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 14:27	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 14:27	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-09 14:27	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15	430952	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2012-01-26 14:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 17:53	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:53	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-03 22:30 . 2012-09-03 22:30	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 22:30 . 2012-05-09 01:11	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 22:30 . 2011-05-26 22:06	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 17:53	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 17:53	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:53	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 17:53	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 17:53	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 11:56	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 11:56	1494528	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 11:56	134144	----a-w-	c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 11:56	9056256	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-22 11:56	97792	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-22 11:56	735744	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-22 11:56	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-22 11:56	247808	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-22 11:56	12295680	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-22 11:56	2453504	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-10 17:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 16:57 . 2012-09-22 11:56	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-22 11:56	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-22 11:56	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-01-21 220744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2009-9-21 1736704]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2009-01-13 560128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-10 270912]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [2009-10-21 767488]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 204.93.211.219:80
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.http - 81.27.79.181
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-25 01:10; ich@maltegoetz.de; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2012-10-10 00:11; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Fyagweo - c:\users\Max\AppData\Roaming\Owysne\voag.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WNDA3100\Parameters]
@DACL=(02 0000)
.
Zeit der Fertigstellung: 2012-11-21  17:12:49
ComboFix-quarantined-files.txt  2012-11-21 16:12
.
Vor Suchlauf: 14 Verzeichnis(se), 32.251.875.328 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.754.419.200 Bytes frei
.
- - End Of File - - 36251CF25189741C99EACDF48EBF13FB
         

Alt 21.11.2012, 17:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\users\Max\AppData\Roaming\Lioby
c:\users\Max\AppData\Roaming\Fygee
c:\users\Max\AppData\Roaming\Osuhy
c:\users\Max\AppData\Roaming\Wiyvvo
c:\users\Max\AppData\Roaming\Asnya
c:\users\Max\AppData\Roaming\Ibxyyr
c:\users\Max\AppData\Roaming\Owysne

Filelook::
c:\windows\SysWow64\Drivers\atapi.sys
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of adware/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

Alt 21.11.2012, 17:51   #11
netnocheiner
 

Code:
ComboFix 12-11-21.01 - Max 21.11.2012  17:35:48.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2047.983 [GMT 1:00]
ausgeführt von:: c:\users\Max\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Max\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\Asnya
c:\users\Max\AppData\Roaming\Fygee
c:\users\Max\AppData\Roaming\Fygee\yzgag.ecy
c:\users\Max\AppData\Roaming\Fygee\yzgag.tmp
c:\users\Max\AppData\Roaming\Ibxyyr
c:\users\Max\AppData\Roaming\Ibxyyr\ofeq.cov
c:\users\Max\AppData\Roaming\Lioby
c:\users\Max\AppData\Roaming\Lioby\ugkuo.tmp
c:\users\Max\AppData\Roaming\Osuhy
c:\users\Max\AppData\Roaming\Wiyvvo
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-21 bis 2012-11-21  ))))))))))))))))))))))))))))))
.
.
2012-11-21 16:40 . 2012-11-21 16:40	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40	--------	d-----w-	c:\users\Mcx1-MAX-PC\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40	--------	d-----w-	c:\users\Mcx1-MAX-PC.Max-PC\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-21 16:10 . 2012-11-21 16:10	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\offreg.dll
2012-11-20 13:46 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\mpengine.dll
2012-11-18 22:48 . 2012-11-18 22:48	--------	d-----w-	c:\programdata\Ricoh
2012-11-18 22:48 . 2012-02-13 11:08	58368	----a-w-	c:\windows\system32\Spool\prtprocs\x64\EUDMPP64.DLL
2012-11-18 02:07 . 2012-11-18 02:07	--------	d-----w-	c:\users\UpdatusUser
2012-11-18 02:07 . 2012-11-18 02:07	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-11-18 02:06 . 2012-10-02 19:50	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-11-17 02:11 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 02:11 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:11 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:11 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 02:01 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 02:01 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:01 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:01 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 02:01 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 02:01 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 02:01 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 16:32 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 16:32 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 17:33 . 2012-11-14 17:33	--------	d-----w-	c:\users\Max\AppData\Local\HorizonWimba
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 02:02 . 2011-05-17 19:53	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-10-17 17:30 . 2012-10-17 17:30	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:11 . 2012-10-17 17:11	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 03:38	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2010-07-10 03:38	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-06-04 10:28	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:14 . 2011-05-15 10:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 19:51 . 2010-07-09 14:27	3293544	----a-w-	c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 14:27	6200680	----a-w-	c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 14:27	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 14:27	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-09 14:27	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15	430952	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2012-01-26 14:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 17:53	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:53	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-03 22:30 . 2012-09-03 22:30	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 22:30 . 2012-05-09 01:11	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 22:30 . 2011-05-26 22:06	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 17:53	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 17:53	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:53	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 17:53	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 17:53	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 11:56	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 11:56	1494528	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 11:56	134144	----a-w-	c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 11:56	9056256	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-22 11:56	97792	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-22 11:56	735744	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-22 11:56	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-22 11:56	247808	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-22 11:56	12295680	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-22 11:56	2453504	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-10 17:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 16:57 . 2012-09-22 11:56	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-22 11:56	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-22 11:56	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-01-21 220744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2009-9-21 1736704]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2009-01-13 560128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-10 270912]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [2009-10-21 767488]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 204.93.211.219:80
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.http - 81.27.79.181
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-25 01:10; ich@maltegoetz.de; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2012-10-10 00:11; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WNDA3100\Parameters]
@DACL=(02 0000)
.
Zeit der Fertigstellung: 2012-11-21  17:42:45
ComboFix-quarantined-files.txt  2012-11-21 16:42
ComboFix2.txt  2012-11-21 16:12
.
Vor Suchlauf: 14 Verzeichnis(se), 33.818.374.144 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.750.908.928 Bytes frei
.
- - End Of File - - E04C39CF3131869A2F6D7B3CFE642C5F
         

Alt 21.11.2012, 17:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

Alt 21.11.2012, 18:29   #13
netnocheiner
 

Code:
# AdwCleaner v2.008 - Datei am 21/11/2012 um 18:28:48 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Max - MAX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Max\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3400 octets] - [06/08/2012 17:53:58]
AdwCleaner[R2].txt - [798 octets] - [21/11/2012 18:28:48]
AdwCleaner[S1].txt - [2699 octets] - [07/08/2012 14:23:14]

########## EOF - C:\AdwCleaner[R2].txt - [917 octets] ##########
         

Alt 21.11.2012, 19:26   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

Alt 21.11.2012, 19:49   #15
netnocheiner
 

OTL.txt
Code:
OTL logfile created on: 21.11.2012 19:34:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,78% Memory free
4,00 Gb Paging File | 2,76 Gb Available in Paging File | 69,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 30,65 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 71,46 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (WNDA3100) -- C:\Windows\SysNative\drivers\WNDA31w7x.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\@3\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 5D CE 40 DC C5 CD 01  [binary data]
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 204.93.211.219:80
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.http: "81.27.79.181"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:20:18 | 000,000,000 | ---D | M]
 
[2011.05.15 10:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2012.10.23 20:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions
[2012.09.25 00:10:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de
[2012.03.29 21:35:13 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.26 00:01:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.22 20:51:14 | 000,001,182 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\acronym-finder.xml
[2011.08.12 12:45:14 | 000,002,571 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\amazon-search-suggestions.xml
[2011.07.30 00:11:19 | 000,002,251 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dc-database-en.xml
[2011.05.31 21:25:04 | 000,002,321 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dictcc.xml
[2011.12.04 21:09:35 | 000,002,279 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\elder-scrolls-en.xml
[2011.08.14 17:36:23 | 000,001,660 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\leo-deu-eng.xml
[2011.07.30 00:11:09 | 000,002,262 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\marvel-database-en.xml
[2011.07.15 02:28:43 | 000,002,322 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\openthesaurus.xml
[2011.11.18 16:37:29 | 000,001,597 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\the-pirate-bay.xml
[2011.11.06 12:39:53 | 000,001,218 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\uespwiki-en.xml
[2011.05.31 21:24:58 | 000,002,006 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\urban-dictionary.xml
[2011.05.16 18:51:19 | 000,001,330 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wikipedia-en.xml
[2012.03.18 22:11:17 | 000,001,997 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wolframalpha.xml
[2011.12.10 02:02:33 | 000,002,057 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\youtube-videosuche.xml
[2012.10.27 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.27 16:20:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 16:20:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 12:50:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:04:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 12:50:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 12:50:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 12:50:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 12:50:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.21 17:40:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\@1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@3\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1E5EB5F-F821-46DC-A7F2-FFC51F45EA77}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 18:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.21 17:42:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.21 16:50:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 16:50:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 16:50:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 16:50:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F116E69E-387E-4B75-9D62-609AA9B37FCA}
[2012.11.20 21:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:16:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:14:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Uni
[2012.11.19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{319151FB-D44F-4963-BBFE-F447B76F7028}
[2012.11.18 23:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2012.11.18 15:49:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CF9C6E5A-6805-4E30-80C2-FBA789A66888}
[2012.11.18 03:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.11.18 03:06:02 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.11.18 02:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Local Settings
[2012.11.17 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E30551CE-C126-4FE2-8EF4-B78B8E67D9C1}
[2012.11.17 03:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 03:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.17 03:01:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.17 03:01:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.17 03:01:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.17 03:01:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.17 02:38:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39CC731D-E6F2-4043-A189-126C183D05F7}
[2012.11.16 17:33:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.16 17:33:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 17:33:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.16 17:33:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.16 17:33:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.16 17:33:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 17:33:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 17:33:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 17:33:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.16 17:32:50 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 17:32:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{393E2046-49FA-4435-B953-545C5CD9BC6E}
[2012.11.15 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AAAB3978-2FB7-4010-B8FF-F96DF703CB67}
[2012.11.14 21:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.11.14 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HorizonWimba
[2012.11.14 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{132CF4EB-668D-4CEC-AF72-9280A301C40B}
[2012.11.13 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD7D94D8-7EDA-4102-B301-8A4CA81A7869}
[2012.11.13 02:38:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ADF65CF9-C573-4918-B21C-C986B9FF50BE}
[2012.11.12 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5B05614E-C789-46F8-AB79-4E512626C558}
[2012.11.11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67E568EB-F635-4EA2-99BB-179A1D74E326}
[2012.11.10 14:41:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{170F3778-958A-4CE9-A661-7EBF167B838D}
[2012.11.09 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{19AFFE43-CCCB-4BF9-84D6-72D69242F8D4}
[2012.11.09 04:17:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3CE167C9-8B04-4CD0-BC22-F8FBBC69CB0A}
[2012.11.08 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6AF193CC-2276-4233-9EB5-0556FC14DC41}
[2012.11.07 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FC0AC3C4-50F1-4675-9D98-05F305973D86}
[2012.11.06 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5725FC92-6474-40FB-98FB-59695D715A82}
[2012.11.05 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BC8DD572-3ED7-474A-8491-F059BB0B3AB0}
[2012.11.04 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82F022E1-189B-4C17-8339-0E73EDF023A3}
[2012.11.04 03:08:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3156638E-AB14-4D47-A472-73543CDB1035}
[2012.11.03 15:08:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6FEADE73-6CC7-48E4-B563-C8C04B3A12C2}
[2012.11.02 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9007DA8B-C8F5-4C8E-A654-7E025E5D5CD9}
[2012.11.01 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D80794D0-D0BF-46D6-B0EF-26B301045328}
[2012.10.31 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CB602A12-4D47-4D31-9C9C-27901E9C9F6C}
[2012.10.30 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE07DC95-4A65-4733-A630-84E9BB061675}
[2012.10.29 17:20:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F4F82240-FDB0-4058-B07B-2DB65F7DFEAB}
[2012.10.28 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46D8015-BBCA-46D7-BC43-0D7E47229EF1}
[2012.10.28 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{149BE589-BD71-47ED-AF1C-16EDAD357724}
[2012.10.27 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7F26638A-FCCE-4958-942A-958B1E22CD82}
[2012.10.26 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B9A3AF11-591B-49CE-B89A-DBB18A79BEFA}
[2012.10.25 15:45:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A8DF5CD7-B4EB-4871-B098-C2003D13E6EC}
[2012.10.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DEFA80BC-9DE2-4287-B264-8CBD8F27A968}
[2012.10.23 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5391A965-1368-44D7-BA15-57D455D6B735}
[2012.10.22 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B7FCCA5-0E30-4A8F-8AF1-637538EA5E40}
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 19:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 18:27:03 | 000,543,531 | ---- | M] () -- C:\Users\Max\Desktop\adwcleaner.exe
[2012.11.21 17:40:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.21 16:46:52 | 000,001,098 | ---- | M] () -- C:\Users\Max\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.21 15:31:59 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:31:59 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 15:23:03 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 03:07:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 03:07:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 03:07:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 03:07:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 03:07:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.20 20:16:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:15:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 19:53:29 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.18 15:22:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 14:36:47 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.12 19:44:33 | 002,257,761 | ---- | M] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:40:56 | 002,143,760 | ---- | M] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:40:53 | 002,300,647 | ---- | M] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:40:47 | 002,245,507 | ---- | M] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:40:44 | 002,319,717 | ---- | M] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:40:42 | 002,313,252 | ---- | M] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:40:38 | 002,324,608 | ---- | M] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:40:37 | 002,311,649 | ---- | M] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:40:35 | 002,328,168 | ---- | M] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:40:33 | 002,290,808 | ---- | M] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:40:31 | 002,263,260 | ---- | M] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:40:28 | 002,190,795 | ---- | M] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:40:25 | 002,272,992 | ---- | M] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | M] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:08:27 | 003,764,050 | ---- | M] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:07:32 | 003,375,268 | ---- | M] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:06:42 | 003,307,656 | ---- | M] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:50 | 002,728,989 | ---- | M] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:05:08 | 003,267,684 | ---- | M] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:04:09 | 003,799,515 | ---- | M] () -- C:\Users\Max\Documents\20121022_151702.jpg
 
========== Files Created - No Company Name ==========
 
[2012.11.21 16:50:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.21 16:50:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.21 16:50:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.21 16:50:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.21 16:50:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.21 16:46:52 | 000,001,098 | ---- | C] () -- C:\Users\Max\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.20 20:59:35 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.18 23:46:16 | 000,001,392 | ---- | C] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.17 03:11:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 03:01:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 19:26:28 | 002,143,760 | ---- | C] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:25:51 | 002,300,647 | ---- | C] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:25:15 | 002,245,507 | ---- | C] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:24:38 | 002,319,717 | ---- | C] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:24:01 | 002,313,252 | ---- | C] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:23:26 | 002,257,761 | ---- | C] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:22:46 | 002,324,608 | ---- | C] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:22:07 | 002,311,649 | ---- | C] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:21:28 | 002,328,168 | ---- | C] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:20:49 | 002,290,808 | ---- | C] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:20:07 | 002,263,260 | ---- | C] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:19:25 | 002,190,795 | ---- | C] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:18:44 | 002,272,992 | ---- | C] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | C] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:07:33 | 003,764,050 | ---- | C] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:06:44 | 003,375,268 | ---- | C] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:05:52 | 003,307,656 | ---- | C] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:10 | 002,728,989 | ---- | C] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:04:11 | 003,267,684 | ---- | C] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:03:06 | 003,799,515 | ---- | C] () -- C:\Users\Max\Documents\20121022_151702.jpg
[2011.11.10 19:45:57 | 001,420,616 | ---- | C] () -- C:\Users\Max\2011-11-10 19.25.22.jpg
[2011.11.10 19:45:38 | 001,638,144 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.16.jpg
[2011.11.10 19:45:22 | 001,443,464 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.30.jpg
[2011.11.10 19:45:03 | 001,601,281 | ---- | C] () -- C:\Users\Max\2011-11-10 19.35.52.jpg
[2011.11.10 19:44:42 | 001,647,716 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.26.jpg
[2011.11.10 19:44:25 | 001,505,606 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.03.jpg
[2011.11.10 19:44:09 | 001,392,730 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.00.jpg
[2011.11.10 19:43:52 | 001,430,322 | ---- | C] () -- C:\Users\Max\2011-11-10 19.38.21.jpg
[2011.11.10 19:43:32 | 001,545,600 | ---- | C] () -- C:\Users\Max\2011-11-10 19.39.40.jpg
[2011.11.10 19:43:15 | 001,503,448 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.32.jpg
[2011.10.23 20:24:27 | 001,390,133 | ---- | C] () -- C:\Users\Max\2011-10-23 19.54.31.jpg
[2011.07.01 20:56:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.15 19:02:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.15 18:25:41 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.15 09:39:17 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 21.11.2012 19:34:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,78% Memory free
4,00 Gb Paging File | 2,76 Gb Available in Paging File | 69,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 30,65 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 71,46 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0177D670-E4D9-4A7A-B870-EAC553575309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05DC2BF6-3723-40D4-9C4D-5DBD110F9B9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0CE4F14A-BC99-4580-BACC-82318E301000}" = rport=137 | protocol=17 | dir=out | app=system | 
"{181034E0-4BE3-49BE-AA2F-3163D6B8A651}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B095E7D-C682-4AFD-9067-E77F958CDC44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1C976136-78BF-4ECE-8259-8E1B7160AB8A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2D058946-38EF-4515-A028-8911F93E2F62}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{43467CDE-8F8F-480B-8EC6-22BAFEA4985B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5349EA37-9515-4348-9050-1C4C5337C911}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5F8745CF-D48D-4F35-971C-589B6907E0A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6491C8E1-B504-4735-B470-E80DFA928DA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6E94BF30-7840-4AF3-8DEC-7FBC00C19C4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74B58830-9741-4B60-B40D-F0B3BF22FBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8629DAD6-3E8C-4DB2-8C50-41C7730F4EEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A3173C1D-BA58-497D-940D-2BCAC49ABCCC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A4F42316-2B53-41F2-9597-4736A9BB8EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A51B2A82-446B-4191-A5D4-C6C06E421371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4F7EBA3-3FF9-4E44-89BE-C651EE14D991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B9D8AB71-69E9-4E18-A7BE-D1AB252A4BCC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C46867F0-BFDB-4987-B355-4BBB10501C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E9A633DE-7ED5-413E-ADA0-030F75E8B2C7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF09DFDA-D6A6-49BF-9F59-89BA8B91A160}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F219B2FC-46BB-445D-9EAB-587AE787D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F34D3336-FC92-42AE-ADB6-7D09CC11120E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073B7B8B-020E-4FD1-918B-D5725E40E05D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{07B7B033-AB77-4BE2-8525-EF0CB03198A2}" = protocol=6 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | 
"{0E910F8D-EACD-45D3-99CA-CB8DBBEC0E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | 
"{0EFD04A2-AB2D-4144-9E66-6CED9E24CEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | 
"{187B97F5-8B57-43A9-BE97-A5F4C582FF25}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | 
"{1DA0A801-8DE5-4977-868E-322B53367CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{2169D3B2-F6AB-4844-90D9-7CE8C1FC96B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{23130B23-D7F9-45B3-BB20-75BEAFD82109}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{24D31768-3DA7-47AB-B7AF-3D4E655E1882}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | 
"{2A3B1587-1F97-4BD2-99B9-7811C28C8CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{2B1C0897-2201-4C96-998E-A80F8A7E1A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{2C89A31E-FFD9-4B00-9871-D436462B4189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{2FC55DBD-4B33-476D-9017-87B1D1CBC000}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2FFB1E25-A2DC-4280-A702-A182706CA9D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{37B20030-47D9-460C-BA24-CCD0260D439E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{3E8025DD-4CEE-4544-8E08-5352101306D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{3F6A6C6A-A5F9-4896-953B-90837065C1DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4457FCCE-A4D9-4407-8D57-A06B0DADFDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | 
"{47BB0751-055F-40E7-A42A-F4A0EF06ECD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5CB4A015-3FA8-41CE-B808-AA72860DA7AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F4E49D7-0FE9-434C-97B9-6A476451D3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{601C4F1B-5FB4-48B0-B24D-DF36863484D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{6523FAEB-7A50-4BF9-9227-51612F175677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{68AA2909-0A75-4531-BB0C-2CBFC3955336}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | 
"{6AD00153-E7A8-467D-AF1C-66E2F9845F86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{6BD401E7-ED98-4C9B-B588-ABB880E86446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | 
"{90AF58B7-2DBD-48CE-ABE7-5DBC9F8B48E4}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | 
"{979F8844-E07D-4568-AAF3-9C8E1B735C32}" = protocol=17 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | 
"{9BD64D6E-E536-4446-8202-4CBA2A7A4CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{9E590996-1D6C-40AC-81BD-EBF823C66C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{A1280294-1BB8-4BBB-A918-BCE650E23E93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1DA823C-6298-43DD-BCF0-53061D8D12BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | 
"{B361C90F-963C-4472-8D71-7741CAE3D38C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{B3B4A880-4DFF-499E-9A25-F25DFBB6BFCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{B4C3E8AF-04AF-4933-8015-819DDD59C0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B7D978F5-71DC-43D4-BE45-9143E3A53F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | 
"{BC207B56-91C4-479E-A94B-B43F440C3663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{C26F3EF6-CAB1-4556-B224-65451CD0AFFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | 
"{C368BE99-E412-4ADC-8A3D-F43D41A03CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{C4C4F6E2-615F-498F-B955-A2B025FC7836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6ECB584-1149-4CF1-AA5C-87160E545F1C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{C7F625FF-8556-4474-BCD5-FEE40F4E260C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CA1C27B7-1962-4F2B-8EB3-DC55EC3CA898}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CC9B3F42-576D-438F-B63D-159EE92E4FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{CD9DE40F-95C0-4E5F-B49D-27557C9E1AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{DB4DFADD-9CE2-4301-BF8B-1DC5A62DBE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{E0DA42C7-F41F-4C14-9617-E37A251A2CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{E511BE4A-A801-4B33-BE94-F00E83662127}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{EDCBD489-961A-4412-8C19-FEBD81ABB813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | 
"{F256AE38-4CC6-45DE-BCE0-0F4C4B16D0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{FCEED16B-87FF-4CCB-A1CA-F1AFACC7828F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{FDDBD0A5-F48C-4BB9-90B4-8A6309AC3B64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{181E4DDE-C6B7-40F3-8E9E-6875F8A2CC5F}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{1848F742-8B70-4F05-8667-6A569046646C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{218E7C6A-A342-414C-9B43-175B600E8F4A}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"TCP Query User{22B563AA-B372-40DC-8659-7FA95DB8ECF5}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"TCP Query User{593462F0-1DFA-440C-B55A-C8319ABCBF23}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{7616EBA7-F3C1-48EB-A215-8220203F2A8B}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{7F4D0631-4843-4C15-8476-213F3EBBDD5C}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"TCP Query User{8A3C2A82-0BA6-4451-9268-2D10FF798286}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"TCP Query User{9A404F08-2CEE-445C-A378-678C2F763257}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{9F6F20A4-2E7B-4174-838B-BC79BF040C12}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"TCP Query User{A4219D3D-EACA-4490-BE3C-2C5F47879F16}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | 
"TCP Query User{B8190FB6-CA31-405F-90D5-AB941C0A0028}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"TCP Query User{D9C7370E-7FB3-4458-96ED-2C80576D40C5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0862FF82-6D83-4B5D-8156-C953446DC14B}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"UDP Query User{0B535A95-436C-412F-B9DA-04A0208C2420}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{1D4E725B-3E10-4E01-AE26-6EB166728BB7}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"UDP Query User{2C990DF5-049A-4C94-B1F1-3AC365B512B1}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"UDP Query User{4DCF87B2-5615-4B1C-95B9-8318B39155C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{5AE2CDE6-372C-4F0E-BD0D-F9AF29E6AD7C}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | 
"UDP Query User{67869E89-9642-444D-ABF0-766E6A46F9A5}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{6D45A719-6E60-4FC8-9BDB-78F072D5B464}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | 
"UDP Query User{762B0221-788D-4BAF-B4C9-C2DA181BC296}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | 
"UDP Query User{81F5D7C9-6A18-4562-A7BF-FD7D24220EAB}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{A0AF255C-EC18-4332-B847-1667055720FA}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | 
"UDP Query User{AFA3C7EE-6F00-4DCB-9CB5-421C39EB8751}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{F26FF8F3-40AF-47E0-A3A3-3387EE1ADCB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1" = Running with rifles Demo version 0.4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deus Ex" = Deus Ex
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"IrfanView" = IrfanView (remove only)
"JFK Reloaded" = JFK Reloaded 1.1
"KainUninstallKey" = Legacy of Kain
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.55 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Octodad" = Octodad
"OpenAL" = OpenAL
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Steam App 10" = Counter-Strike
"Steam App 130" = Half-Life: Blue Shift
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 50" = Half-Life: Opposing Force
"Steam App 70" = Half-Life
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 18.11.2012 14:54:29 | Computer Name = Max-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e58    Startzeit: 
01cdc5a9061ccef1    Endzeit: 235    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 20.11.2012 09:50:24 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Max\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 5090
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp
Line:
 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201
Invoked
 Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151
Invoked
 Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 
5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:10 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 21.11.2012 11:48:10 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28835824 (0xFE480010)
Description:
 HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ Media Center Events ]
Error - 06.09.2011 15:38:40 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 06.09.2011 15:39:00 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 06.09.2011 15:39:13 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
[ System Events ]
Error - 12.11.2012 09:00:03 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.126  registriert werden. Der Computer mit IP-Adresse 192.168.1.124
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.11.2012 14:17:34 | Computer Name = Max-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (18:e2:c2:3f:ac:2f) ist fehlgeschlagen.
 
Error - 16.11.2012 22:33:20 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%6704
 
Error - 21.11.2012 11:55:57 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 21.11.2012 12:09:36 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.11.2012 12:10:19 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 21.11.2012 12:38:31 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 21.11.2012 12:40:19 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.11.2012 12:40:20 | Computer Name = Max-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.11.2012 12:40:50 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
