TrojanDownloader:Win32/Adload.DA

Thomian · 03.06.2013, 23:00

Hallo ihr lieben Helfer,
ich bekomme seit einigen Tagen immer wieder eine Sicherheitsmeldung von Windows:

Entfernen des TrojanDownloader:Win32/Adload.DA-Virus
Windows hat TrojanDownloader:Win32/Adload.DA, einen bekannten Computervirus, auf Ihrem PC erkannt.
TrojanDownloader:Win32/Adload.DA hat bewirkt, dass Ihr PC 3 Mal nicht ordnungsgemäß funktioniert hat, zuketzt am/um 15.05.2013 03:16.

Ich habe mir den Anweisungen der Windows-Hilfe zufolge den Microsoft Safety Scanner runtergeladen. Es wurden keine Bedrohungen gefunden. Auch mein Virenscanner, die Microsoft Security Essentials, haben im vollständigen Scan nichts verdächtiges gefunden. Symptomatisch beobachte ich Systemabstürze (Rechner friert ein) ca. 2-3 mal pro Monat, die evtl. vom Trojaner herrühren könnten? Der Rechner ist gefühlsmäßig auch langsamer geworden, kann aber auch andere Gründe haben (Festplatte voll).

Jetzt bin ich mir unsicher, ob mein Rechner befallen ist, oder nicht. Kann mir jemand hier weiter helfen?

Die Logfiles von Defogger, OTL & gmer waren zu groß und sind gezippt im Anhang. Für den gmer-Scan habe ich den Rechner vom Netz genommen und die Firewall deaktiviert. Die Security Essentials ließen sich leider nicht beenden. Aber ich konnte in den Einstellungen den "Echtzeitschutz" deaktivieren, ich hoffe das reicht aus.

Liebe Grüße,
Thomian

P.S.:
Seitdem ich die Diagnosetools ausgeführt habe, funktioniert meine Bluetooth Maus nicht mehr. Außerdem konnte der Rechner nicht mehr ordnungsgemäß herunter fahren. Es kam dann nach einiger Zeit ein BlueScreen, dessen Inhalt ich mir nicht merken konnte. Ist das normal?

schrauber · 04.06.2013, 04:29

Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Thomian · 04.06.2013, 10:19

Hallo schrauber,

danke für die schnelle Antwort. Meine Bluetooth-Maus funktioniert wieder, nach zweimaligem Neustart. hier kommen die Logfiles...

FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 02
Ran by Thomian (administrator) on 04-06-2013 10:00:51
Running from C:\Users\Thomian\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [39936 2010-11-23] ()
HKCU\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955280 2012-04-27] (Samsung)
HKCU\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-05-16] ()
MountPoints2: {66c8874c-451e-11e2-9455-0024beaf0d9c} - E:\setup.exe -a
MountPoints2: {785b2608-fba0-11de-a009-0024beaf0d9c} - "W:\WD SmartWare.exe" autoplay=true
MountPoints2: {b62559ad-183a-11e1-b8d9-9238fb54b57f} - E:\AutoRun.exe
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2010-01-07] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.uni-greifswald.de:8080
HKCU SearchScopes: DefaultScope {161CF25E-487B-4639-B109-63491DD4AB64} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta
SearchScopes: HKCU - {02FF0A38-28CF-4314-B223-D01333C038D7} URL = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {161CF25E-487B-4639-B109-63491DD4AB64} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta
SearchScopes: HKCU - {35F5C2F0-22E0-42DA-B7C9-FFD88221E5A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: G Data CloudSecurity - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: G Data CloudSecurity - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - G Data CloudSecurity - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
Toolbar: HKLM-x32 - G Data CloudSecurity - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default
FF Homepage: hxxp://www.eclassical.com/pages/daily-deal.html?cache=purge
FF NetworkProxy: "backup.ftp", "94.247.25.163"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "94.247.25.163"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "94.247.25.163"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "5.135.81.16"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "5.135.81.16"
FF NetworkProxy: "socks_port", 7808
FF NetworkProxy: "ssl", "5.135.81.16"
FF NetworkProxy: "ssl_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandasecurity.com/activescan - C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Complete YouTube Saver - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
FF Extension: DownloadHelper - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Bitdefender QuickScan - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: admin - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: azid - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\azid@craue.de.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe [65536 2011-12-08] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [312136 2010-09-27] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2011-07-23] (Arainia Solutions LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [46384 2011-06-24] (Oracle Corporation)
S3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [96768 2012-04-12] (Zoom Corporation.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
R1 truecrypt; System32\drivers\truecrypt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-04 10:00 - 2013-06-04 10:00 - 00000000 ____D C:\FRST
2013-06-04 09:58 - 2013-06-04 09:59 - 01916714 ____A (Farbar) C:\Users\Thomian\Desktop\FRST64.exe
2013-06-04 00:38 - 2013-06-04 00:38 - 00518760 ____A C:\Windows\Minidump\060413-75442-01.dmp
2013-06-03 23:59 - 2013-06-03 23:59 - 00034336 ____A C:\Users\Thomian\Desktop\Logfiles.zip
2013-06-03 23:20 - 2013-06-03 23:20 - 00012082 ____A C:\Users\Thomian\Desktop\gmer_anonymisiert.log
2013-06-03 23:19 - 2013-06-03 23:19 - 00097800 ____A C:\Users\Thomian\Desktop\Extras_anonymisiert.txt
2013-06-03 23:18 - 2013-06-03 23:18 - 00119912 ____A C:\Users\Thomian\Desktop\OTL_anonymisiert.txt
2013-06-03 23:16 - 2013-06-03 23:16 - 00000478 ____A C:\Users\Thomian\Desktop\defogger_disable_anonymisiert.txt
2013-06-03 23:13 - 2013-06-03 23:13 - 00012081 ____A C:\Users\Thomian\Desktop\gmer.txt
2013-06-03 23:13 - 2013-06-03 23:13 - 00012081 ____A C:\Users\Thomian\Desktop\gmer.log
2013-06-03 22:05 - 2013-06-03 22:05 - 00097736 ____A C:\Users\Thomian\Desktop\Extras.Txt
2013-06-03 22:04 - 2013-06-03 22:04 - 00119740 ____A C:\Users\Thomian\Desktop\OTL.Txt
2013-06-03 21:55 - 2013-06-03 21:55 - 00000474 ____A C:\Users\Thomian\Desktop\defogger_disable.log
2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____A C:\Users\Thomian\defogger_reenable
2013-06-03 12:30 - 2013-06-03 12:30 - 00036372 ____A C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
2013-06-03 12:30 - 2013-06-03 12:30 - 00000000 ____D C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board-Dateien
2013-06-03 12:29 - 2013-06-03 12:29 - 00070827 ____A C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-06-03 12:29 - 2013-06-03 12:29 - 00000000 ____D C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2013-06-03 12:26 - 2013-06-03 12:04 - 00377856 ____A C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
2013-06-03 12:26 - 2013-06-03 12:03 - 00050477 ____A C:\Users\Thomian\Desktop\Defogger.exe
2013-06-03 12:26 - 2013-06-03 12:02 - 00602112 ____A (OldTimer Tools) C:\Users\Thomian\Desktop\OTL.exe
2013-06-03 12:22 - 2013-06-03 12:23 - 00000000 ____D C:\Users\Thomian\Desktop\neue MP3
2013-06-03 11:16 - 2013-06-03 11:16 - 00000312 ____A C:\Users\Thomian\Desktop\TrojanDownloader.txt
2013-06-03 01:52 - 2013-06-03 01:52 - 00000000 ____D C:\Program Files (x86)\KORG
2013-06-03 01:27 - 2013-06-03 01:27 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\Spotify
2013-06-02 02:05 - 2013-06-04 09:53 - 00000224 ____A C:\Windows\setupact.log
2013-06-02 02:05 - 2013-06-02 02:05 - 00000000 ____A C:\Windows\setuperr.log
2013-05-24 11:05 - 2013-05-24 11:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-22 13:24 - 2013-05-22 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 09:45 - 2013-05-20 09:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 09:45 - 2013-05-20 09:46 - 00000000 ____D C:\Program Files\iTunes
2013-05-20 09:45 - 2013-05-20 09:45 - 00000000 ____D C:\Program Files\iPod
2013-05-15 21:57 - 2013-05-17 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 03:24 - 2013-05-15 03:24 - 00000000 ____D C:\Program Files (x86)\avisplit
2013-05-15 03:17 - 2013-05-15 03:17 - 00000000 ____D C:\Program Files (x86)\BrizAVIJoin
2013-05-15 03:01 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:01 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:01 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 03:01 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:01 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 03:01 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:01 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:01 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 03:01 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:01 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:01 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 03:01 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 01:11 - 2013-05-15 01:11 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 23:41 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 23:41 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 23:41 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 23:40 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 23:40 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 23:40 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 23:40 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 23:40 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 23:40 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 23:40 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 23:40 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 23:39 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 23:39 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 23:39 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders =======

2013-06-04 10:01 - 2011-12-24 22:25 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-04 10:00 - 2013-06-04 10:00 - 00000000 ____D C:\FRST
2013-06-04 09:59 - 2013-06-04 09:58 - 01916714 ____A (Farbar) C:\Users\Thomian\Desktop\FRST64.exe
2013-06-04 09:57 - 2012-09-23 04:07 - 01832831 ____A C:\Windows\WindowsUpdate.log
2013-06-04 09:54 - 2011-12-24 22:25 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-04 09:53 - 2013-06-02 02:05 - 00000224 ____A C:\Windows\setupact.log
2013-06-04 09:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 01:09 - 2012-04-01 12:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-04 00:45 - 2009-07-14 06:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-04 00:45 - 2009-07-14 06:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-04 00:38 - 2013-06-04 00:38 - 00518760 ____A C:\Windows\Minidump\060413-75442-01.dmp
2013-06-04 00:38 - 2010-04-12 01:38 - 00000000 ____D C:\Windows\Minidump
2013-06-04 00:23 - 2013-04-24 00:13 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\vlc
2013-06-03 23:59 - 2013-06-03 23:59 - 00034336 ____A C:\Users\Thomian\Desktop\Logfiles.zip
2013-06-03 23:20 - 2013-06-03 23:20 - 00012082 ____A C:\Users\Thomian\Desktop\gmer_anonymisiert.log
2013-06-03 23:19 - 2013-06-03 23:19 - 00097800 ____A C:\Users\Thomian\Desktop\Extras_anonymisiert.txt
2013-06-03 23:18 - 2013-06-03 23:18 - 00119912 ____A C:\Users\Thomian\Desktop\OTL_anonymisiert.txt
2013-06-03 23:16 - 2013-06-03 23:16 - 00000478 ____A C:\Users\Thomian\Desktop\defogger_disable_anonymisiert.txt
2013-06-03 23:13 - 2013-06-03 23:13 - 00012081 ____A C:\Users\Thomian\Desktop\gmer.txt
2013-06-03 23:13 - 2013-06-03 23:13 - 00012081 ____A C:\Users\Thomian\Desktop\gmer.log
2013-06-03 22:05 - 2013-06-03 22:05 - 00097736 ____A C:\Users\Thomian\Desktop\Extras.Txt
2013-06-03 22:04 - 2013-06-03 22:04 - 00119740 ____A C:\Users\Thomian\Desktop\OTL.Txt
2013-06-03 21:55 - 2013-06-03 21:55 - 00000474 ____A C:\Users\Thomian\Desktop\defogger_disable.log
2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____A C:\Users\Thomian\defogger_reenable
2013-06-03 21:55 - 2010-01-07 14:09 - 00000000 ____D C:\users\Thomian
2013-06-03 12:30 - 2013-06-03 12:30 - 00036372 ____A C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
2013-06-03 12:30 - 2013-06-03 12:30 - 00000000 ____D C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board-Dateien
2013-06-03 12:29 - 2013-06-03 12:29 - 00070827 ____A C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-06-03 12:29 - 2013-06-03 12:29 - 00000000 ____D C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2013-06-03 12:25 - 2013-02-22 17:28 - 00000000 ____D C:\Users\Thomian\Desktop\aktuelle Dateien
2013-06-03 12:23 - 2013-06-03 12:22 - 00000000 ____D C:\Users\Thomian\Desktop\neue MP3
2013-06-03 12:10 - 2012-01-08 21:08 - 00000000 ____D C:\DOSgames
2013-06-03 12:04 - 2013-06-03 12:26 - 00377856 ____A C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
2013-06-03 12:03 - 2013-06-03 12:26 - 00050477 ____A C:\Users\Thomian\Desktop\Defogger.exe
2013-06-03 12:02 - 2013-06-03 12:26 - 00602112 ____A (OldTimer Tools) C:\Users\Thomian\Desktop\OTL.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000312 ____A C:\Users\Thomian\Desktop\TrojanDownloader.txt
2013-06-03 01:54 - 2011-06-21 21:43 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\AudioGate
2013-06-03 01:52 - 2013-06-03 01:52 - 00000000 ____D C:\Program Files (x86)\KORG
2013-06-03 01:49 - 2011-06-21 21:42 - 00000000 ____D C:\Windows\Downloaded Installations
2013-06-03 01:27 - 2013-06-03 01:27 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\Spotify
2013-06-03 00:09 - 2010-01-08 05:47 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\foobar2000
2013-06-02 23:57 - 2011-06-24 01:44 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\Gestionnaire de Téléchargements Qobuz
2013-06-02 22:06 - 2009-07-14 19:58 - 00754966 ____A C:\Windows\System32\perfh007.dat
2013-06-02 22:06 - 2009-07-14 19:58 - 00172786 ____A C:\Windows\System32\perfc007.dat
2013-06-02 22:06 - 2009-07-14 07:13 - 01764508 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 20:53 - 2010-08-03 14:45 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\Audacity
2013-06-02 02:05 - 2013-06-02 02:05 - 00000000 ____A C:\Windows\setuperr.log
2013-05-25 16:16 - 2010-08-31 23:14 - 00000000 ____D C:\Users\Thomian\dwhelper
2013-05-24 11:06 - 2013-05-24 11:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-23 10:25 - 2012-04-30 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 13:24 - 2013-05-22 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 09:46 - 2013-05-20 09:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 09:46 - 2013-05-20 09:45 - 00000000 ____D C:\Program Files\iTunes
2013-05-20 09:45 - 2013-05-20 09:45 - 00000000 ____D C:\Program Files\iPod
2013-05-17 16:16 - 2013-05-15 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-15 08:37 - 2009-08-19 04:17 - 00000000 ____D C:\Windows\Panther
2013-05-15 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 05:25 - 2009-07-14 06:45 - 00456560 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:24 - 2013-05-15 03:24 - 00000000 ____D C:\Program Files (x86)\avisplit
2013-05-15 03:17 - 2013-05-15 03:17 - 00000000 ____D C:\Program Files (x86)\BrizAVIJoin
2013-05-15 03:11 - 2010-01-07 13:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 03:06 - 2010-01-07 18:54 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 01:11 - 2013-05-15 01:11 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 01:11 - 2012-04-01 12:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 01:11 - 2011-05-25 02:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 17:22 - 2011-07-19 11:16 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\MediaMonkey
2013-05-07 10:16 - 2010-01-08 00:51 - 00000000 ____D C:\Users\Thomian\AppData\Roaming\Skype
2013-05-06 16:57 - 2011-08-11 19:53 - 00000000 ___RD C:\taize

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-03 02:25

==================== End Of Log ============================

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-06-2013 02
Ran by Thomian at 2013-06-04 10:01:27 Run:
Running from C:\Users\Thomian\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop Elements 7.0 (Version: 7.0.1)
Adobe Photoshop Elements 7.0 (Version: 7.0.1.3)
Adobe Premiere Elements 7.0 (Version: 7.0.1)
Adobe Premiere Elements 7.0 (Version: 7.0.1.3)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Album Art Downloader XUI 0.46 (Version: 0.46)
Alesis CD24 ISO Image Builder v1.02
AllSync (Version: 3.5.12)
Alps Pointing-device for VAIO
AmazingMIDI
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (Version: 3.0.21.278)
Aria Maestosa 1.4.2
ATI Catalyst Install Manager (Version: 3.0.732.0)
Audacity 1.3.13 (Unicode)
AudioFormatConverter
AVI Joiner
AVI Splitter
Avidemux 2.5 (Version: 2.5.4.7200)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full Existing (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Full New (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Light (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Common (Version: 2009.0710.1127.18698)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0710.1127.18698)
Catalyst Control Center InstallProxy (Version: 2009.0710.1127.18698)
Catalyst Control Center Localization All (Version: 2009.0710.1127.18698)
CCC Help Chinese Standard (Version: 2009.0720.2144.37243)
CCC Help Chinese Traditional (Version: 2009.0720.2144.37243)
CCC Help Czech (Version: 2009.0720.2144.37243)
CCC Help Danish (Version: 2009.0720.2144.37243)
CCC Help Dutch (Version: 2009.0720.2144.37243)
CCC Help English (Version: 2009.0720.2144.37243)
CCC Help Finnish (Version: 2009.0720.2144.37243)
CCC Help French (Version: 2009.0720.2144.37243)
CCC Help German (Version: 2009.0720.2144.37243)
CCC Help Greek (Version: 2009.0720.2144.37243)
CCC Help Hungarian (Version: 2009.0720.2144.37243)
CCC Help Italian (Version: 2009.0720.2144.37243)
CCC Help Japanese (Version: 2009.0720.2144.37243)
CCC Help Korean (Version: 2009.0720.2144.37243)
CCC Help Norwegian (Version: 2009.0720.2144.37243)
CCC Help Polish (Version: 2009.0720.2144.37243)
CCC Help Portuguese (Version: 2009.0720.2144.37243)
CCC Help Russian (Version: 2009.0720.2144.37243)
CCC Help Spanish (Version: 2009.0720.2144.37243)
CCC Help Swedish (Version: 2009.0720.2144.37243)
CCC Help Thai (Version: 2009.0720.2144.37243)
CCC Help Turkish (Version: 2009.0720.2144.37243)
ccc-core-static (Version: 2009.0710.1127.18698)
ccc-utility64 (Version: 2009.0710.1127.18698)
CCleaner (Version: 3.24)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Click to Disc (Version: 1.2.73.04270)
Click to Disc Editor (Version: 2.0.02)
Click to Disc Editor (Version: 2.0.03.04150)
ConvertHelper 2.2
Corel WinDVD (Version: 8.8.0.282)
Data Lifeguard Diagnostic for Windows 1.24
dBpoweramp [Multi Encoder] Codec (Version: Release 4)
dBpoweramp CD Writer (Version: Release 4)
dBpoweramp CD Writer Limited User Burning Service
dBpoweramp DSP Effects (Version: Release 7)
dBpoweramp m4a Codec (Version: Release 14)
dBpoweramp Music Converter (Version: Release 14.2)
dBpoweramp Windows Media Audio 10 Codec (Version: Release 7)
DirSync UNICODE  2.93
Dolby Control Center (Version: 1.2.0702)
Downloader Qobuz
dradio-Recorder Version 3.02.0
Dropbox (Version: 1.6.18)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
dvda-author (uninstall only)
easySYNC  1.0
eClassical Download Manager
Einstellungen für VAIO-Inhaltsüberwachung (Version: 2.6.0.11050)
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
foobar2000 v1.2.5 (Version: 1.2.5)
Free MP4 Video Converter version 5.0.21.1212 (Version: 5.0.21.1212)
FreeOCR v4.2
G Data CloudSecurity (Version: 2.00.2000)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Hardlock Device Driver
HD-Audio Solo Ultra 4.2 (Version: 4.2)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.00.0000)
Intel® Matrix Storage Manager
iTSfv 5.61.2.1 (Version: 5.61.2.1)
iTunes (Version: 11.0.3.42)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Java(TM) 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
KORG AudioGate (Version: 2.3.2)
Linn Download Manager (Version: 1.2.1)
MakeMKV v1.8.0 (Version: v1.8.0)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 x64 English (Version: 3.5.5692.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6)
Mp3tag v2.48 (Version: v2.48)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MuseScore 1.2 MuseScore score typesetter (Version: 1.2.0)
Music Transfer (Version: 1.3.01.13160)
My MP4Box GUI 0.5.5.4 (Version: 0.5.5.4)
MyFreeCodec
Oracle VM VirtualBox 4.2.6 (Version: 4.2.6)
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
pdfsam (Version: 2.2.1)
Primo (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
Real Alternative 2.0.1 (Version: 2.0.1)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.5897)
Realtek High Definition Audio Driver (Version: 6.0.1.5886)
Regi (Version: 1.00.0000)
Remote Keyboard (Version: 1.1.1.03020)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.121)
Runtime (Version: 1.00.0000)
Samsung Kies (Version: 2.3.1.12044_18)
Samsung ML-1630W Series
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
ScummVM 1.5.0
SES Driver (Version: 1.0.0)
Setting Utility Series (Version: 5.0.0.07300)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040)
Setup_msm_VOFS_x64 (Version: 2.3.0.09270)
Setup_VEP_x64_Contain_SSDB_VCSW (Version: 3.9.0.09270)
Setup1 (Version: 1.0.0)
Skype™ 6.1 (Version: 6.1.129)
SOHLib Merge Module (Version: 2.2.0.11240)
Sony Home Network Library (Version: 2.0.0.07280)
Sony Home Network Library (Version: 2.2.0.11240)
Sony Picture Utility (Version: 4.2.12.16210)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (Version: +Recorder.2013.55)
SysSync
TrueCrypt (Version: 7.1a)
Unterstützung für VAIO-Präsentation (Version: 2.0.0.05270)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VAIO - Remote-Tastatur  (Version: 1.0.1.03020)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.6.1.12010)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.9.20.08110)
VAIO Content Metadata Intelligent Network Service Manager (Version: 3.9.20.08110)
VAIO Content Metadata Manager Settings (Version: 3.9.20.08110)
VAIO Content Metadata XML Interface Library (Version: 3.9.20.08110)
VAIO Control Center (Version: 4.0.0.06120)
VAIO Data Restore Tool (Version: 1.1.01.06290)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Energie Verwaltung (Version: 4.0.0.07160)
VAIO Entertainment Platform (Version: 3.9.0.11160)
VAIO Event Service (Version: 5.0.0.07010)
VAIO FW screensaver (Version: 1.0.0.0)
VAIO Gate (Version: 2.4.1.09230)
VAIO Marketing Tools
VAIO Media plus (Version: 2.0.0.07280)
VAIO Media plus Opening Movie (Version: 1.2.0.09100)
VAIO Movie Story (Version: 1.5.00.06191)
VAIO Movie Story (Version: 1.5.01.05120)
VAIO Movie Story 1.5 Upgrade (Version: 1.5.01.05120)
VAIO Movie Story Template Data (Version: 1.5.01.05120)
VAIO Original Funktion Einstellungen (Version: 2.3.0.11240)
VAIO Premium Partners 1.00
VAIO Smart Network (Version: 3.3.1.08110)
VAIO Update (Version: 6.1.1.10250)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VAIO-Support für Übertragungen (Version: 1.1.2.06030)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
VLC media player 2.0.6 (Version: 2.0.6)
VOB2MPG v3 (Version: 3.2.2000)
VU5x64 (Version: 1.1.0)
VU5x86 (Version: 1.0.0)
VU5x86 (Version: 1.1.0)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Winamp (Version: 5.621 )
Winamp Erkennungs-Plug-in (Version: 1.0.0.1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points  =========================

02-06-2013 23:51:37 Installed KORG AudioGate.

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2013 03:05:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/02/2013 08:58:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CD24IsoBuilder.exe, Version: 1.0.0.1, Zeitstempel: 0x3d2f5b69
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d7ca
ID des fehlerhaften Prozesses: 0x1150
Startzeit der fehlerhaften Anwendung: 0xCD24IsoBuilder.exe0
Pfad der fehlerhaften Anwendung: CD24IsoBuilder.exe1
Pfad des fehlerhaften Moduls: CD24IsoBuilder.exe2
Berichtskennung: CD24IsoBuilder.exe3

Error: (06/02/2013 08:57:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CD24IsoBuilder.exe, Version: 1.0.0.1, Zeitstempel: 0x3d2f5b69
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d7ca
ID des fehlerhaften Prozesses: 0x1368
Startzeit der fehlerhaften Anwendung: 0xCD24IsoBuilder.exe0
Pfad der fehlerhaften Anwendung: CD24IsoBuilder.exe1
Pfad des fehlerhaften Moduls: CD24IsoBuilder.exe2
Berichtskennung: CD24IsoBuilder.exe3

Error: (06/02/2013 08:56:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CD24IsoBuilder.exe, Version: 1.0.0.1, Zeitstempel: 0x3d2f5b69
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d225
ID des fehlerhaften Prozesses: 0xf18
Startzeit der fehlerhaften Anwendung: 0xCD24IsoBuilder.exe0
Pfad der fehlerhaften Anwendung: CD24IsoBuilder.exe1
Pfad des fehlerhaften Moduls: CD24IsoBuilder.exe2
Berichtskennung: CD24IsoBuilder.exe3

Error: (06/02/2013 08:55:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CD24IsoBuilder.exe, Version: 1.0.0.1, Zeitstempel: 0x3d2f5b69
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d225
ID des fehlerhaften Prozesses: 0x1ae0
Startzeit der fehlerhaften Anwendung: 0xCD24IsoBuilder.exe0
Pfad der fehlerhaften Anwendung: CD24IsoBuilder.exe1
Pfad des fehlerhaften Moduls: CD24IsoBuilder.exe2
Berichtskennung: CD24IsoBuilder.exe3

Error: (06/02/2013 04:15:37 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/02/2013 02:06:04 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/02/2013 02:06:04 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/02/2013 02:06:04 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/02/2013 02:06:04 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (06/04/2013 09:54:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (06/04/2013 09:54:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/04/2013 09:54:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/04/2013 09:53:44 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/04/2013 09:53:44 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/04/2013 00:38:13 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003ce7660, 0xfffff80004dc24d0)C:\Windows\MEMORY.DMP060413-75442-01

Error: (06/04/2013 00:38:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (06/04/2013 00:38:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/04/2013 00:38:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/04/2013 00:38:00 AM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-12-09 01:16:28.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-09 01:16:28.612
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-09 01:16:28.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-09 01:16:28.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-03 10:18:55.145
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-03 10:18:55.075
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-03 10:18:55.005
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-03 10:18:54.915
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 23:16:08.091
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 23:16:08.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 4063.02 MB
Available physical RAM: 2569.33 MB
Total Pagefile: 8124.23 MB
Available Pagefile: 6326.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:190.78 GB) (Free:13.22 GB) NTFS (Disk=0 Partition=3)
Drive d: (Daten) (Fixed) (Total:263.67 GB) (Free:1.82 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 15C9000C)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=191 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=264 GB) - (Type=OF Extended)

==================== End Of Log ============================

Danke fürs drüberschauen.
LG,
Thomian

schrauber · 04.06.2013, 10:40

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Thomian · 04.06.2013, 13:21

danke schrauber,
Voilà das Logfile vom Combofix.
Die Fehlermeldung kam erst, als ich das Logfile öffnen wollte. Neustart & das logfile ließ sich öffnen. Prima. Ich habe das Logfile dann vom Rootverzeichnis "C:\" auf den Desktop verschoben, damt ich es wieder finde. Ich hoffe das ist OK so, und ComboFix braucht es nicht mehr im Rootverzeichnis. Sonst kann ich es auch wieder zurück verschieben.

ComboFix:

Code:

ATTFilter

ComboFix 13-06-03.06 - Thomian 04.06.2013  13:33:35.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4063.2385 [GMT 2:00]
ausgeführt von:: c:\users\Thomian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Thomian\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\users\Thomian\AppData\Roaming\.#
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-04 bis 2013-06-04  ))))))))))))))))))))))))))))))
.
.
2013-06-04 08:00 . 2013-06-04 08:00	--------	d-----w-	C:\FRST
2013-06-03 22:15 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6334872-0EEE-46A5-AC87-04A248651F72}\mpengine.dll
2013-06-03 21:28 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-02 23:52 . 2013-06-02 23:52	--------	d-----w-	c:\program files (x86)\KORG
2013-06-02 23:27 . 2013-06-02 23:27	--------	d-----w-	c:\users\Thomian\AppData\Roaming\Spotify
2013-05-24 09:06 . 2013-05-24 09:06	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 09:06 . 2013-05-24 09:06	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 09:06 . 2013-05-24 09:06	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 09:06 . 2013-05-24 09:06	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 09:06 . 2013-05-24 09:06	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 09:05 . 2013-05-24 09:06	--------	d-----w-	c:\program files (x86)\QuickTime
2013-05-21 08:20 . 2013-05-21 08:16	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CB5A54A-02B7-4986-B26C-AE2AF52F7950}\gapaengine.dll
2013-05-20 07:45 . 2013-05-20 07:45	--------	d-----w-	c:\program files\iPod
2013-05-20 07:45 . 2013-05-20 07:46	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 07:45 . 2013-05-20 07:46	--------	d-----w-	c:\program files\iTunes
2013-05-15 19:57 . 2013-05-17 14:16	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-05-15 01:24 . 2013-05-15 01:24	--------	d-----w-	c:\program files (x86)\avisplit
2013-05-15 01:17 . 2013-05-15 01:17	--------	d-----w-	c:\program files (x86)\BrizAVIJoin
2013-05-14 23:11 . 2013-05-14 23:11	17613192	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 21:41 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 21:41 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-14 21:41 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-14 21:40 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-14 21:40 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-14 21:40 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-14 21:40 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-14 21:40 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-14 21:40 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-14 21:39 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-14 21:39 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-14 21:39 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 01:06 . 2010-01-07 16:54	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-14 23:11 . 2012-04-01 10:00	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 23:11 . 2011-05-25 00:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-03-26 12:13	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-24 12:37 . 2011-03-27 12:39	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-24 00:38 . 2012-06-01 11:45	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-24 00:37 . 2012-06-01 11:45	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-13 05:49 . 2013-05-14 21:41	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 21:41	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 21:41	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 21:41	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 21:41	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 21:41	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 23:53	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-26 10:21	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 04:33 . 2012-07-13 11:17	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-23 04:33 . 2010-04-22 09:53	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 03:31	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 03:31	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 03:31	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 03:31	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 03:31	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 03:31	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-15 10:50 . 2013-03-15 10:50	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-15 10:50 . 2013-03-15 10:50	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-15 10:50 . 2013-03-15 10:50	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-15 10:50 . 2013-03-15 10:50	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 10:50 . 2013-03-15 10:50	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-15 10:50 . 2013-03-15 10:50	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-15 10:50 . 2013-03-15 10:50	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-15 10:50 . 2013-03-15 10:50	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-15 10:50 . 2013-03-15 10:50	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-15 10:50 . 2013-03-15 10:50	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-15 10:50 . 2013-03-15 10:50	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-15 10:50 . 2013-03-15 10:50	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-15 10:50 . 2013-03-15 10:50	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-15 10:50 . 2013-03-15 10:50	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-15 10:50 . 2013-03-15 10:50	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-15 10:50 . 2013-03-15 10:50	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-15 10:50 . 2013-03-15 10:50	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-15 10:50 . 2013-03-15 10:50	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-15 10:50 . 2013-03-15 10:50	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-15 10:50 . 2013-03-15 10:50	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-15 10:50 . 2013-03-15 10:50	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-15 10:50 . 2013-03-15 10:50	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-15 10:50 . 2013-03-15 10:50	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-15 10:50 . 2013-03-15 10:50	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-15 10:50 . 2013-03-15 10:50	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-15 10:50 . 2013-03-15 10:50	441856	----a-w-	c:\windows\system32\html.iec
2013-03-15 10:50 . 2013-03-15 10:50	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-15 10:50 . 2013-03-15 10:50	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-15 10:50 . 2013-03-15 10:50	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-15 10:50 . 2013-03-15 10:50	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-15 10:50 . 2013-03-15 10:50	235008	----a-w-	c:\windows\system32\url.dll
2013-03-15 10:50 . 2013-03-15 10:50	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-15 10:50 . 2013-03-15 10:50	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-15 10:50 . 2013-03-15 10:50	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-15 10:50 . 2013-03-15 10:50	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-15 10:50 . 2013-03-15 10:50	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-15 10:50 . 2013-03-15 10:50	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-15 10:50 . 2013-03-15 10:50	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-15 10:50 . 2013-03-15 10:50	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-15 10:50 . 2013-03-15 10:50	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 10:50 . 2013-03-15 10:50	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-15 10:50 . 2013-03-15 10:50	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-15 10:50 . 2013-03-15 10:50	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-15 10:50 . 2013-03-15 10:50	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-15 10:50 . 2013-03-15 10:50	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-15 10:50 . 2013-03-15 10:50	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-15 10:50 . 2013-03-15 10:50	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-15 10:50 . 2013-03-15 10:50	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-15 10:50 . 2013-03-15 10:50	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2009-09-27 07:39	369152	--sh--w-	c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11	719872	--sh--w-	c:\windows\SysWOW64\devil.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\i420vfw.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 21:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 17:54	188416	--sha-r-	c:\windows\SysWOW64\winDCE32.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2010-11-23 39936]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-27 955280]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-15 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-07 26624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-27 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 10:49	98304	------w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;c:\windows\system32\Drivers\VBTUSB.sys;c:\windows\SYSNATIVE\Drivers\VBTUSB.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 ZOOM_R16MTR;ZOOM R16 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys;c:\windows\SYSNATIVE\Drivers\zmr16usbaudio.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:11]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 20:25]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Thomian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.uni-greifswald.de:8080
uInternet Settings,ProxyOverride = *.uni-greifswald.de;141.53.*;127.0.0.1;<local>;*.local;192.168.*.*
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.eclassical.com/pages/daily-deal.html?cache=purge
FF - prefs.js: network.proxy.ftp - 5.135.81.16
FF - prefs.js: network.proxy.ftp_port - 7808
FF - prefs.js: network.proxy.socks - 5.135.81.16
FF - prefs.js: network.proxy.socks_port - 7808
FF - prefs.js: network.proxy.ssl - 5.135.81.16
FF - prefs.js: network.proxy.ssl_port - 7808
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-31 23:28; admin@proxy-listen.de; c:\users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\extensions\admin@proxy-listen.de.xpi
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer Limited User Burning Service - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Hardlock Device Driver - c:\windows\System32\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2996393114-1896572801-3381556187-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13A58962-EBBC-2B6F-26E8-A8B8F7E714E0}*]
"ianfinofkjncgnpdde"=hex:6a,61,6e,6b,6c,6d,69,6d,6c,61,67,6f,65,69,70,69,65,69,
   61,66,00,00
"hapfkcgkjafjplbd"=hex:6a,61,68,6c,66,6b,6b,6a,61,70,6c,6f,62,62,64,65,6a,6c,
   66,70,00,00
"ianhkpcehalmifpmho"=hex:67,61,63,68,64,63,6d,6e,66,70,6d,65,64,6c,00,00
"kahfoaldmgfejhiemekddf"=hex:62,62,66,6a,6c,62,6a,67,69,6e,70,67,64,6b,70,66,
   6d,6b,65,6f,67,6a,67,68,6b,64,6f,61,6f,69,64,6f,6e,6e,6a,65,00,91
.
[HKEY_USERS\S-1-5-21-2996393114-1896572801-3381556187-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E763C85C-F470-E1E8-3881-FF846B05D76A}*]
"haobgofdikknjpok"=hex:6a,61,6d,64,6e,70,6a,6c,67,68,6e,64,62,61,6b,67,69,6c,
   69,68,00,00
"iamcnimephikapaenh"=hex:67,61,64,62,67,6f,67,65,68,67,68,61,66,62,00,00
"iamemgajfiiblonbpe"=hex:6b,61,66,66,70,62,65,67,67,6a,6a,6d,6d,6e,68,6b,6f,63,
   6c,67,65,68,00,00
"kagbnnmfjdiagdndkbfkpa"=hex:62,62,65,61,63,6e,6a,70,69,61,6f,70,66,61,6f,68,
   62,68,68,6c,70,62,6e,6d,62,6d,70,6e,6e,6e,66,64,63,69,6d,6b,00,c5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-04  13:47:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-04 11:47
.
Vor Suchlauf: 25 Verzeichnis(se), 14.268.284.928 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 13.879.115.776 Bytes frei
.
- - End Of File - - 03E911B2968B41D5765F014FD851ED16

LG,
Thomian

schrauber · 04.06.2013, 14:34

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches OTL log bitte.

Thomian · 04.06.2013, 17:03

Hi schrauber,
du bist echt schnell im antworten. Danke. Hier kommen die gewünschten Logfiles...
Gibts denn schon irgendwelche Anzeichen für den Trojaner in den Logfiles der bisherigen Diagnosetools?
OTL habe ich erneut im "QuickScan" laufen lassen (ohne irgendwas zu verstellen). Ich frage mich, warum in den Voreinstellungen "Alle Benutzer" abgehakt ist...

AdwCleaner[S1].txt :

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 04/06/2013 um 17:19:18 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomian - THOMIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\foxydeal.sqlite
Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Thomian\AppData\Roaming\Mozilla\Firefox\Profiles\uawh0jg6.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1851 octets] - [04/06/2013 17:19:18]

########## EOF - C:\AdwCleaner[S1].txt - [1911 octets] ##########

JRT.txt :

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Thomian on 04.06.2013 at 17:25:36,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\invalidprefs.js
Emptied folder: C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\minidumps [218 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2013 at 17:30:32,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL :

Code:

ATTFilter

OTL logfile created on: 04.06.2013 17:37:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,13% Memory free
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 190,78 Gb Total Space | 12,97 Gb Free Space | 6,80% Space Free | Partition Type: NTFS
Drive D: | 263,67 Gb Total Space | 1,82 Gb Free Space | 0,69% Space Free | Partition Type: NTFS
 
Computer Name: THOMIAN-PC | User Name: Thomian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.03 12:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.16 01:22:27 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.04.27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.12.08 18:24:07 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe
PRC - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
PRC - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.07 13:29:30 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.07.01 12:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.26 10:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.04 13:53:36 | 000,115,137 | ---- | M] () -- C:\Users\Thomian\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2013.05.15 05:30:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 05:29:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.15 03:06:23 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.15 03:06:05 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.15 03:05:59 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 03:05:49 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013.05.15 03:05:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.05.15 03:05:44 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.02.17 02:04:24 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.01.13 15:23:42 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.13 15:21:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013.01.13 15:20:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.11 18:10:19 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 18:09:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 18:09:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 18:09:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.11 16:00:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 16:00:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.11 16:00:22 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.11 16:00:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.11 16:00:13 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.05.16 01:22:27 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.01 13:06:52 | 002,278,912 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtCore4.dll
MOD - [2010.09.10 15:07:26 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 12:20:48 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtGui4.dll
MOD - [2010.09.10 12:06:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtSql4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.27 22:22:02 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.22 13:24:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 01:11:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011.12.08 18:24:07 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe -- (NMSAccessU)
SRV - [2011.05.19 20:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.10.25 18:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.27 16:13:22 | 000,312,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2010.09.27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010.09.27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.07 13:18:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.07.24 06:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.16 10:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.21 14:42:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.04.12 10:49:42 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.23 01:29:40 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.25 01:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.09 19:48:58 | 000,014,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBTUSB.sys -- (VBTUSB)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.03 22:14:11 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.03 22:14:10 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.03 22:14:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.03 22:13:42 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.08.03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.27 22:22:05 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 07:12:53 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.02.13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.11.30 02:46:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.04.16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{02FF0A38-28CF-4314-B223-D01333C038D7}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{161CF25E-487B-4639-B109-63491DD4AB64}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta
IE - HKCU\..\SearchScopes\{35F5C2F0-22E0-42DA-B7C9-FFD88221E5A7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.uni-greifswald.de;141.53.*;127.0.0.1;<local>;*.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uni-greifswald.de:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.eclassical.com/pages/daily-deal.html?cache=purge"
FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6
FF - prefs.js..extensions.enabledAddons: azid%40craue.de:0.9.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BAF445D67-154C-4c69-A17B-7F392BCC36A3%7D:4.2.6
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.13
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: admin%40proxy-listen.de:1.0.4.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "94.247.25.163"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "94.247.25.163"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "94.247.25.163"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "5.135.81.16"
FF - prefs.js..network.proxy.ftp_port: 7808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "5.135.81.16"
FF - prefs.js..network.proxy.socks_port: 7808
FF - prefs.js..network.proxy.ssl: "5.135.81.16"
FF - prefs.js..network.proxy.ssl_port: 7808
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 11:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 11:06:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.01.08 06:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Extensions
[2010.01.08 06:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.31 23:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions
[2013.05.16 09:52:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.21 10:38:40 | 000,000,000 | ---D | M] (Complete YouTube Saver) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
[2013.05.28 22:08:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.30 15:05:45 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.04.05 00:11:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\ich@maltegoetz.de
[2013.05.31 23:28:08 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\admin@proxy-listen.de.xpi
[2013.02.25 02:40:44 | 000,026,709 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\azid@craue.de.xpi
[2012.08.26 20:03:43 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.05.25 11:04:43 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013.05.25 11:04:43 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.22 11:58:21 | 000,014,314 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013.03.23 19:39:53 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2011.05.17 01:25:09 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2013.05.13 22:59:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.05 00:11:45 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011.04.26 17:01:37 | 000,005,212 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\ecosia.xml
[2012.02.27 19:12:53 | 000,001,919 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\leo-deu-fra.xml
[2011.02.27 18:04:38 | 000,001,906 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\lyricwiki-en.xml
[2013.05.29 11:18:59 | 000,006,438 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\metro-lyrics.xml
[2011.07.01 17:53:56 | 000,004,854 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\qobuz.xml
[2013.04.23 22:58:44 | 000,002,057 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\youtube-videosuche.xml
[2010.08.01 12:26:44 | 000,004,140 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\youtube.xml
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.22 13:24:02 | 000,000,000 | ---D | M] (G Data CloudSecurity) -- C:\Program Files (x86)\Mozilla Firefox\extensions\cloudsecurity@gdata.de
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.04 13:41:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BEBA22-2117-4AAB-AD9F-91D73468B1FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\trojaner-board logfiles
[2013.06.04 17:25:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.04 17:25:15 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.04 17:16:12 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Thomian\Desktop\JRT.exe
[2013.06.04 13:47:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.04 13:41:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.04 13:32:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.04 13:32:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.04 13:32:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.04 13:32:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.04 13:32:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.04 13:27:13 | 005,077,441 | R--- | C] (Swearware) -- C:\Users\Thomian\Desktop\ComboFix.exe
[2013.06.04 10:00:42 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.04 09:58:58 | 001,916,714 | ---- | C] (Farbar) -- C:\Users\Thomian\Desktop\FRST64.exe
[2013.06.03 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board-Dateien
[2013.06.03 12:29:23 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
[2013.06.03 12:26:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
[2013.06.03 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\neue MP3
[2013.06.03 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG
[2013.06.03 01:27:04 | 000,000,000 | ---D | C] -- C:\Users\Thomian\AppData\Roaming\Spotify
[2013.05.24 11:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.24 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.22 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.20 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.20 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.20 09:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.20 09:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.15 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 03:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avisplit
[2013.05.15 03:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrizAVIJoin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 17:29:10 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 17:29:10 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 17:21:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.04 17:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 17:20:57 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 17:16:25 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Thomian\Desktop\JRT.exe
[2013.06.04 17:14:52 | 000,632,031 | ---- | M] () -- C:\Users\Thomian\Desktop\adwcleaner.exe
[2013.06.04 17:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 17:01:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.04 13:41:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.04 13:29:33 | 005,077,441 | R--- | M] (Swearware) -- C:\Users\Thomian\Desktop\ComboFix.exe
[2013.06.04 09:59:27 | 001,916,714 | ---- | M] (Farbar) -- C:\Users\Thomian\Desktop\FRST64.exe
[2013.06.03 21:55:16 | 000,000,000 | ---- | M] () -- C:\Users\Thomian\defogger_reenable
[2013.06.03 12:50:47 | 002,731,913 | ---- | M] () -- C:\Users\Thomian\Desktop\KISS2-2012i.pdf
[2013.06.03 12:30:53 | 000,036,372 | ---- | M] () -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
[2013.06.03 12:29:24 | 000,070,827 | ---- | M] () -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.06.03 12:04:22 | 000,377,856 | ---- | M] () -- C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
[2013.06.03 12:03:09 | 000,050,477 | ---- | M] () -- C:\Users\Thomian\Desktop\Defogger.exe
[2013.06.03 12:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
[2013.06.02 22:06:58 | 001,764,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.02 22:06:58 | 000,754,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.02 22:06:58 | 000,699,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.02 22:06:58 | 000,172,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.02 22:06:58 | 000,139,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 05:25:57 | 000,456,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 17:14:35 | 000,632,031 | ---- | C] () -- C:\Users\Thomian\Desktop\adwcleaner.exe
[2013.06.04 13:32:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.04 13:32:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.04 13:32:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.04 13:32:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.04 13:32:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.03 21:55:16 | 000,000,000 | ---- | C] () -- C:\Users\Thomian\defogger_reenable
[2013.06.03 12:50:47 | 002,731,913 | ---- | C] () -- C:\Users\Thomian\Desktop\KISS2-2012i.pdf
[2013.06.03 12:30:52 | 000,036,372 | ---- | C] () -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
[2013.06.03 12:29:22 | 000,070,827 | ---- | C] () -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.06.03 12:26:26 | 000,377,856 | ---- | C] () -- C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
[2013.06.03 12:26:26 | 000,050,477 | ---- | C] () -- C:\Users\Thomian\Desktop\Defogger.exe
[2013.04.12 14:57:14 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.04.12 14:48:33 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.04.12 14:48:32 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.29 00:19:12 | 000,000,258 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.29 00:19:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.29 00:18:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.08.20 11:33:33 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.20 11:33:33 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat
[2012.08.20 11:33:33 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.13 02:27:59 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.12.13 02:27:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2011.12.13 02:27:59 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.12.08 18:24:07 | 000,000,548 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer Limited User Burning Service.dat
[2011.11.17 14:27:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.10.11 13:19:26 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2011.06.23 13:42:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.08 01:55:01 | 000,039,936 | ---- | C] () -- C:\Users\Thomian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 00:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 17:01:55 | 000,012,841 | ---- | C] () -- C:\Users\Thomian\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.19 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\.minecraft
[2010.08.01 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Amazon
[2012.07.24 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\AriaMaestosa
[2013.06.02 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Audacity
[2013.06.03 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\AudioGate
[2011.07.22 13:01:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\avidemux
[2011.07.28 16:49:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Canon
[2012.09.25 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\com.linnrecords.DownloadManager
[2012.07.02 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\CUE Tools
[2011.12.07 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\CUERipper
[2011.12.08 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\dBpoweramp
[2010.06.08 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\DownloadFileAIR.6903B6C272B33607D14416197B3950F158CA468A.1
[2013.05.03 10:34:26 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Dropbox
[2013.01.23 08:42:10 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\DVDVideoSoft
[2011.05.25 21:18:17 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\EAC
[2011.08.27 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\eClassical
[2010.12.15 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\FLV Extract
[2013.06.04 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\foobar2000
[2013.06.02 23:57:56 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Gestionnaire de Téléchargements Qobuz
[2010.08.31 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\GrabPro
[2010.01.10 02:43:12 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\InterVideo
[2011.12.09 02:56:37 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\iTSfv
[2013.05.14 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MediaMonkey
[2012.06.29 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\mp3DirectCut
[2010.04.11 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Mp3tag
[2012.07.24 00:54:27 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MusE
[2012.08.12 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MusicBrainz
[2010.08.31 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Orbit
[2010.05.30 02:22:30 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\phonostar GmbH
[2010.08.31 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\ProgSense
[2012.07.30 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\QuickScan
[2012.05.16 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Samsung
[2013.01.13 02:54:40 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\ScummVM
[2013.06.03 01:27:15 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Spotify
[2010.09.27 00:05:47 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\SteelBytes
[2012.07.04 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Thunderbird
[2012.05.21 14:47:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 

< End of report >

gruß,
Thomian

schrauber · 04.06.2013, 17:18

Wir haben schon einiges an malware entfernt, jetzt noch nen Onlinescan um Überreste zu entdecken, dann sollten wir durch sein.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und zum Schluss ein frisches OTL log. Noch Probleme mit dem Rechner`?

Thomian · 04.06.2013, 23:10

Hi schrauber,
soll ich wirklich AV & Firewall deaktivieren, während der Rechner am Netz ist? Ist mir irgendwie unheimlich. Ich habe fünf externe Festplatten, aber nur drei Anschlüsse. Soll ich den Eset dann mehrmals laufen lassen? Und der Rechner bleibt die ganze Zeit ungeschützt am Netz? Bin mir da echt unsicher. Kannst du mir noch mal versichern, dass ich das richtig verstanden habe?
Gruß,
Thomian

P.S.
ich komme wahrscheinlich erst morgen (Mittwoch) abend dazu die Scans zu machen.

schrauber · 05.06.2013, 08:15

FW kannst anlassen, aber AV muss aus, da die sich stören. Sonst nix machen am System in der Zeit.

Wenn Du weisst das die anderen Platten sauber sind passt das auch so

Thomian · 06.06.2013, 17:05

Hi schrauber,
wissen tu ichs natürlich nicht...

So... das hat ne Weile gedauert mit den zwei ESET Scans. Aber jetzt bin ich durch. Das Ergebnis des zweiten Scans wurde an das erste logfile angehängt, deshalb poste ich nur das letzte.
Die Datei "BestVideoDownloaderSetup.exe", die beim ersten Scan Alarm geschlagen hat, ist ein Installationsfile für ein Firefox-Plugin, das ich sowieso nicht brauche, und das ich mal testweise runter geladen hatte. Ich habe die Datei gleich gelöscht, weshalb der zweite Scan dann unauffällig war.

ESET logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7c8c112fc5ab3144824510aae88a723d
# engine=14009
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 12:12:38
# local_time=2013-06-06 02:12:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 8607972 20545905 0 0
# scanned=353377
# found=1
# cleaned=0
# scan_time=11686
sh=069B8B1B583787A48B70E67A0D21786C7D1531AA ft=1 fh=6122e54101a10d76 vn="multiple threats" ac=I fn="D:\Downloads\BestVideoDownloaderSetup.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7c8c112fc5ab3144824510aae88a723d
# engine=14011
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 02:50:31
# local_time=2013-06-06 04:50:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 8617445 20555378 0 0
# scanned=240833
# found=0
# cleaned=0
# scan_time=8467

Dann kommt der SecurityCheck...
checkup.txt:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java(TM) 6 Update 31  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (21.0) 
 Mozilla Thunderbird (17.0.6) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Und zuletzt ein frisches OTL:

Code:

ATTFilter

OTL logfile created on: 06.06.2013 17:42:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,48% Memory free
7,93 Gb Paging File | 6,31 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 190,78 Gb Total Space | 13,03 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive D: | 263,67 Gb Total Space | 1,82 Gb Free Space | 0,69% Space Free | Partition Type: NTFS
 
Computer Name: THOMIAN-PC | User Name: Thomian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.03 12:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.05.16 01:22:27 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.04.27 02:13:06 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.12.08 18:24:07 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe
PRC - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
PRC - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.07 13:29:30 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.07.01 12:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.26 10:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.04 13:53:36 | 000,115,137 | ---- | M] () -- C:\Users\Thomian\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2013.05.15 05:30:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 05:29:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.15 03:06:23 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.15 03:06:05 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.15 03:05:59 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 03:05:49 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013.05.15 03:05:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.05.15 03:05:44 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.02.17 02:04:24 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.01.13 15:23:42 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.13 15:21:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013.01.13 15:20:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.11 18:10:19 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 18:09:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 18:09:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 18:09:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.11 16:00:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 16:00:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.11 16:00:22 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.11 16:00:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.11 16:00:13 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.05.16 01:22:27 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.23 19:26:00 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.01 13:06:52 | 002,278,912 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtCore4.dll
MOD - [2010.09.10 15:07:26 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 12:20:48 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtGui4.dll
MOD - [2010.09.10 12:06:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\QtSql4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.27 22:22:02 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.22 13:24:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 01:11:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011.12.08 18:24:07 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Illustrate\dBpoweramp\NMSAccessU.exe -- (NMSAccessU)
SRV - [2011.05.19 20:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.10.25 18:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.27 16:13:22 | 000,312,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2010.09.27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010.09.27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.07 13:18:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.07.24 06:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.16 10:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.21 14:42:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.04.12 10:49:42 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.23 01:29:40 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.25 01:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.09 19:48:58 | 000,014,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBTUSB.sys -- (VBTUSB)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.03 22:14:11 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.03 22:14:10 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.03 22:14:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.03 22:13:42 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.08.03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.27 22:22:05 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 07:12:53 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.02.13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.11.30 02:46:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.04.16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{02FF0A38-28CF-4314-B223-D01333C038D7}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{161CF25E-487B-4639-B109-63491DD4AB64}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta
IE - HKCU\..\SearchScopes\{35F5C2F0-22E0-42DA-B7C9-FFD88221E5A7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.uni-greifswald.de;141.53.*;127.0.0.1;<local>;*.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uni-greifswald.de:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.eclassical.com/pages/daily-deal.html?cache=purge"
FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6
FF - prefs.js..extensions.enabledAddons: azid%40craue.de:0.9.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BAF445D67-154C-4c69-A17B-7F392BCC36A3%7D:4.2.6
FF - prefs.js..extensions.enabledAddons: %7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.5.13
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: admin%40proxy-listen.de:1.0.4.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "94.247.25.163"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "94.247.25.163"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "94.247.25.163"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "5.135.81.16"
FF - prefs.js..network.proxy.ftp_port: 7808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "5.135.81.16"
FF - prefs.js..network.proxy.socks_port: 7808
FF - prefs.js..network.proxy.ssl: "5.135.81.16"
FF - prefs.js..network.proxy.ssl_port: 7808
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 11:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 11:06:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.24 11:06:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.01.08 06:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Extensions
[2010.01.08 06:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.31 23:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions
[2013.05.16 09:52:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.21 10:38:40 | 000,000,000 | ---D | M] (Complete YouTube Saver) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
[2013.05.28 22:08:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.30 15:05:45 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.04.05 00:11:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomian\AppData\Roaming\mozilla\Firefox\Profiles\uawh0jg6.default\extensions\ich@maltegoetz.de
[2013.05.31 23:28:08 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\admin@proxy-listen.de.xpi
[2013.02.25 02:40:44 | 000,026,709 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\azid@craue.de.xpi
[2012.08.26 20:03:43 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.05.25 11:04:43 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013.05.25 11:04:43 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.22 11:58:21 | 000,014,314 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013.03.23 19:39:53 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2011.05.17 01:25:09 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2013.05.13 22:59:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.05 00:11:45 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011.04.26 17:01:37 | 000,005,212 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\ecosia.xml
[2012.02.27 19:12:53 | 000,001,919 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\leo-deu-fra.xml
[2011.02.27 18:04:38 | 000,001,906 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\lyricwiki-en.xml
[2013.05.29 11:18:59 | 000,006,438 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\metro-lyrics.xml
[2011.07.01 17:53:56 | 000,004,854 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\qobuz.xml
[2013.04.23 22:58:44 | 000,002,057 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\youtube-videosuche.xml
[2010.08.01 12:26:44 | 000,004,140 | ---- | M] () -- C:\Users\Thomian\AppData\Roaming\mozilla\firefox\profiles\uawh0jg6.default\searchplugins\youtube.xml
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.22 13:24:02 | 000,000,000 | ---D | M] (G Data CloudSecurity) -- C:\Program Files (x86)\Mozilla Firefox\extensions\cloudsecurity@gdata.de
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.22 13:24:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.04 13:41:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BEBA22-2117-4AAB-AD9F-91D73468B1FB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 23:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.04 22:47:19 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Thomian\Desktop\esetsmartinstaller_enu.exe
[2013.06.04 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\trojaner-board logfiles
[2013.06.04 17:25:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.04 17:25:15 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.04 17:16:12 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Thomian\Desktop\JRT.exe
[2013.06.04 13:47:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.04 13:41:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.04 13:32:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.04 13:32:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.04 13:32:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.04 13:32:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.04 13:32:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.04 13:27:13 | 005,077,441 | R--- | C] (Swearware) -- C:\Users\Thomian\Desktop\ComboFix.exe
[2013.06.04 10:00:42 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.04 09:58:58 | 001,916,714 | ---- | C] (Farbar) -- C:\Users\Thomian\Desktop\FRST64.exe
[2013.06.03 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board-Dateien
[2013.06.03 12:29:23 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
[2013.06.03 12:26:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
[2013.06.03 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Thomian\Desktop\neue MP3
[2013.06.03 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG
[2013.06.03 01:27:04 | 000,000,000 | ---D | C] -- C:\Users\Thomian\AppData\Roaming\Spotify
[2013.05.24 11:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.24 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.22 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.20 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.20 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.20 09:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.20 09:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.15 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.15 03:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avisplit
[2013.05.15 03:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrizAVIJoin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 17:41:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.06 17:40:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 17:40:34 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 17:36:53 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 17:36:53 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 17:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 17:01:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.06 14:25:58 | 001,764,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.06 14:25:58 | 000,754,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.06 14:25:58 | 000,699,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.06 14:25:58 | 000,172,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.06 14:25:58 | 000,139,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 10:39:37 | 000,890,839 | ---- | M] () -- C:\Users\Thomian\Desktop\SecurityCheck.exe
[2013.06.06 10:39:06 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Thomian\Desktop\esetsmartinstaller_enu.exe
[2013.06.04 17:16:25 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Thomian\Desktop\JRT.exe
[2013.06.04 17:14:52 | 000,632,031 | ---- | M] () -- C:\Users\Thomian\Desktop\adwcleaner.exe
[2013.06.04 13:41:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.04 13:29:33 | 005,077,441 | R--- | M] (Swearware) -- C:\Users\Thomian\Desktop\ComboFix.exe
[2013.06.04 09:59:27 | 001,916,714 | ---- | M] (Farbar) -- C:\Users\Thomian\Desktop\FRST64.exe
[2013.06.03 21:55:16 | 000,000,000 | ---- | M] () -- C:\Users\Thomian\defogger_reenable
[2013.06.03 12:50:47 | 002,731,913 | ---- | M] () -- C:\Users\Thomian\Desktop\KISS2-2012i.pdf
[2013.06.03 12:30:53 | 000,036,372 | ---- | M] () -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
[2013.06.03 12:29:24 | 000,070,827 | ---- | M] () -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.06.03 12:04:22 | 000,377,856 | ---- | M] () -- C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
[2013.06.03 12:03:09 | 000,050,477 | ---- | M] () -- C:\Users\Thomian\Desktop\Defogger.exe
[2013.06.03 12:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomian\Desktop\OTL.exe
[2013.05.15 05:25:57 | 000,456,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 22:48:51 | 000,890,839 | ---- | C] () -- C:\Users\Thomian\Desktop\SecurityCheck.exe
[2013.06.04 17:14:35 | 000,632,031 | ---- | C] () -- C:\Users\Thomian\Desktop\adwcleaner.exe
[2013.06.04 13:32:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.04 13:32:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.04 13:32:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.04 13:32:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.04 13:32:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.03 21:55:16 | 000,000,000 | ---- | C] () -- C:\Users\Thomian\defogger_reenable
[2013.06.03 12:50:47 | 002,731,913 | ---- | C] () -- C:\Users\Thomian\Desktop\KISS2-2012i.pdf
[2013.06.03 12:30:52 | 000,036,372 | ---- | C] () -- C:\Users\Thomian\Desktop\CD_DVD-Emulatoren mit DeFogger deaktivieren - Trojaner-Board.htm
[2013.06.03 12:29:22 | 000,070,827 | ---- | C] () -- C:\Users\Thomian\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.06.03 12:26:26 | 000,377,856 | ---- | C] () -- C:\Users\Thomian\Desktop\gmer_2.1.19163.exe
[2013.06.03 12:26:26 | 000,050,477 | ---- | C] () -- C:\Users\Thomian\Desktop\Defogger.exe
[2013.04.12 14:57:14 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.04.12 14:48:33 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.04.12 14:48:32 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.29 00:19:12 | 000,000,258 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.29 00:19:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.29 00:18:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.08.20 11:33:33 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.20 11:33:33 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat
[2012.08.20 11:33:33 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.13 02:27:59 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.12.13 02:27:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2011.12.13 02:27:59 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.12.08 18:24:07 | 000,000,548 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer Limited User Burning Service.dat
[2011.11.17 14:27:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.10.11 13:19:26 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2011.06.23 13:42:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.08 01:55:01 | 000,039,936 | ---- | C] () -- C:\Users\Thomian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 00:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 17:01:55 | 000,012,841 | ---- | C] () -- C:\Users\Thomian\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.19 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\.minecraft
[2010.08.01 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Amazon
[2012.07.24 00:57:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\AriaMaestosa
[2013.06.02 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Audacity
[2013.06.03 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\AudioGate
[2011.07.22 13:01:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\avidemux
[2011.07.28 16:49:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Canon
[2012.09.25 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\com.linnrecords.DownloadManager
[2012.07.02 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\CUE Tools
[2011.12.07 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\CUERipper
[2011.12.08 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\dBpoweramp
[2010.06.08 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\DownloadFileAIR.6903B6C272B33607D14416197B3950F158CA468A.1
[2013.05.03 10:34:26 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Dropbox
[2013.01.23 08:42:10 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\DVDVideoSoft
[2011.05.25 21:18:17 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\EAC
[2011.08.27 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\eClassical
[2010.12.15 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\FLV Extract
[2013.06.04 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\foobar2000
[2013.06.02 23:57:56 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Gestionnaire de Téléchargements Qobuz
[2010.08.31 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\GrabPro
[2010.01.10 02:43:12 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\InterVideo
[2011.12.09 02:56:37 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\iTSfv
[2013.05.14 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MediaMonkey
[2012.06.29 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\mp3DirectCut
[2010.04.11 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Mp3tag
[2012.07.24 00:54:27 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MusE
[2012.08.12 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\MusicBrainz
[2010.08.31 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Orbit
[2010.05.30 02:22:30 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\phonostar GmbH
[2010.08.31 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\ProgSense
[2012.07.30 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\QuickScan
[2012.05.16 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Samsung
[2013.01.13 02:54:40 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\ScummVM
[2013.06.03 01:27:15 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Spotify
[2010.09.27 00:05:47 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\SteelBytes
[2012.07.04 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\Thunderbird
[2012.05.21 14:47:28 | 000,000,000 | ---D | M] -- C:\Users\Thomian\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 

< End of report >

LG,
Thomian

schrauber · 06.06.2013, 18:23

Adobe Reader bitte updaten. Noch Probleme?

Thomian · 07.06.2013, 12:45

Danke schrauber...

bisher gabs keine Virusmeldung mehr... Der Rechner scheint stabil zu laufen, auch wieder ein wenig schneller als zuvor, v.a. das Hochfahren geht wieder schneller. Kann aber auch daran liegen, dass ich zwei VAIO Programme für die Analysen abgeschaltet habe, die zuvor im Autostart mitgeladen wurden. :-)

Adobe habe ich geupdated.
Hier das letzte Sicherheitscheckup:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java(TM) 6 Update 31  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
 Mozilla Thunderbird (17.0.6) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

War denn gefährliche Malware dabei? Ist der Rechner jetzt sauber?

LG, Thomian

P.S. Jetzt überlege ich, ob ich mir nicht noch den Rechner meiner Freundin vornehmen soll. Wir tauschen auch immer wieder Daten aus. Und ihr AV Programm scheint immer mal wieder abzustürzen.

schrauber · 07.06.2013, 14:52

Bissl Adware-Kram und so

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Thomian · 13.06.2013, 15:50

Lieber schrauber,
danke für die vielen Tipps. Ich hab mir die Programme mal runtergeladen und ausprobiert. Die MalwareBytes, den SpywareBlaster und den TFC werde ich auf alle Fälle behalten.
danke dir für deine Begleitung. Bisher gabs keine Probleme mehr mit dem Rechner.
du kannst den Thread aus deinen Abos löschen.
Gruß
Thomian

06.06.2013, 18:23	#12
schrauber /// the machine /// TB-Ausbilder	TrojanDownloader:Win32/Adload.DA Adobe Reader bitte updaten. Noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

TrojanDownloader:Win32/Adload.DA

Log-Analyse und Auswertung: TrojanDownloader:Win32/Adload.DA