Kann Trojaner "win32.katusha.o " nicht entfernen!

Whooop · 15.12.2011, 18:00

Hallo Leute,

Bin ganz neu hier, denn ich hab ein Problem, und hoffe ihr könnt mir helfen. Hab Spybot-SD auf meinem Rechner, und als ich es das letzte mal durchlaufen ließ zeigte es mir diesen "win32.katsuha.o" -Trojaner an! Jedoch schlagten alle Versuche das Ding wegzubekommen fehl. Ich hoffe ihr könnt mir weiterhelfen!

PS: Was die Informatik angeht bin ich ein Leihe

Chris4You · 15.12.2011, 19:34

Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

chris

Whooop · 16.12.2011, 16:09

Hier de Malwarebyte Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6610

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

18.05.2011 16:12:24
mbam-log-2011-05-18 (16-12-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137837
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\fjhjiqofibapkso.exe (Rogue.Installer.Gen) -> 2376 -> Unloaded process successfully.
c:\programdata\29679352.exe (Trojan.FakeAlert.Gen) -> 3108 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fJhJIqofiBapKso (Rogue.Installer.Gen) -> Value: fJhJIqofiBapKso -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\fjhjiqofibapkso.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\chrissi\AppData\Local\Temp\0.8041202345786642.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\29679352.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Whooop · 16.12.2011, 17:23

Edit: Doppelpost sorry.

Whooop · 16.12.2011, 17:26

OK und hier die OTL Logs:

OTL.Txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.12.2011 16:17:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 44,62% Memory free
6,73 Gb Paging File | 3,97 Gb Available in Paging File | 58,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 132,54 Gb Free Space | 57,02% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 178,45 Gb Free Space | 76,96% Space Free | Partition Type: NTFS
Drive F: | 55,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISSI-PC | User Name: chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\LoL-Replay-Recorder\LOLReplay\LOLRecorder.exe (LOL Replay)
PRC - C:\Users\chrissi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League of Legends.exe ()
PRC - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
PRC - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.114\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\LoL-Replay-Recorder\LOLReplay\LOLUtils.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\rads.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League of Legends.exe ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Air.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Launcher.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Compression.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Recorder.dll ()
MOD - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\244632c797f8e7997b177a96806afa5c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\525882eedcc1764d44cff3da55c1b047\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\util.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BTNetFilter) -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "de.search-results.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.14 22:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010.11.05 19:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi\AppData\Roaming\mozilla\Extensions
[2011.12.15 13:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions
[2011.02.04 20:48:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.07 18:00:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.07 18:00:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.24 15:14:47 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\DTToolbar@toolbarnet.com
[2011.05.24 15:14:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\engine@conduit.com
[2011.04.27 20:55:10 | 000,000,000 | ---D | M] (vShare) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\vshare@toolbar
[2011.04.14 09:22:10 | 000,000,873 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\conduit.xml
[2011.05.23 19:34:06 | 000,002,342 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icq-search.xml
[2011.05.17 08:55:20 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-1.xml
[2011.08.16 19:53:06 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-10.xml
[2011.08.18 19:37:16 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-11.xml
[2011.09.02 15:47:50 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-12.xml
[2011.09.07 15:52:40 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-13.xml
[2011.09.22 14:09:35 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-14.xml
[2011.09.27 20:52:34 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-15.xml
[2011.10.04 23:35:34 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-16.xml
[2011.11.08 15:17:23 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-17.xml
[2011.11.14 22:41:26 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-18.xml
[2011.11.14 22:42:27 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-19.xml
[2011.02.21 14:28:02 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-2.xml
[2011.12.09 13:31:58 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-20.xml
[2011.03.03 13:23:30 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-3.xml
[2011.03.05 01:05:01 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-4.xml
[2011.03.23 19:29:11 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-5.xml
[2011.03.27 00:39:11 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-6.xml
[2011.05.29 13:48:36 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-7.xml
[2011.07.04 10:04:31 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-8.xml
[2011.07.15 22:40:50 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin.xml
[2011.04.27 20:55:28 | 000,001,583 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\web-search.xml
[2011.11.10 18:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 18:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.14 22:05:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [Overwolf] C:\Program Files\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAFB8B9-39F3-4C5A-8B14-914E1FA4321D}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4876E1-60D9-4374-A2FB-29351A59450E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\chrissi\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\chrissi\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.02.22 08:47:12 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{23290e40-e685-11df-aa0a-001c2583e192}\Shell - "" = AutoRun
O33 - MountPoints2\{23290e40-e685-11df-aa0a-001c2583e192}\Shell\AutoRun\command - "" = L:\pushinst.exe
O33 - MountPoints2\{ce9c7830-e67e-11df-a43c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce9c7830-e67e-11df-a43c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\DWizard.exe -- [2011.03.08 10:02:08 | 001,046,912 | R--- | M] (D-Link Corp.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.16 16:13:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chrissi\Desktop\OTL.exe
[2011.12.15 03:02:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 03:02:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 03:02:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 03:02:32 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 03:02:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 03:02:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 07:29:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 07:29:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 07:29:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 07:29:42 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 07:29:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 07:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.03 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\Google
[2011.12.03 13:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.12.03 13:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.11.30 17:37:13 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Documents\888poker
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Start Menu
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Application Data
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2011.11.28 21:48:23 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\PacificPoker
[2011.11.28 21:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.16 17:01:15 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.16 16:15:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi\Desktop\OTL.exe
[2011.12.16 15:44:36 | 000,005,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 15:44:36 | 000,005,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 15:25:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.16 14:01:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.16 13:54:01 | 000,000,961 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2011.12.16 13:51:02 | 000,000,520 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2011.12.16 13:50:48 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.16 13:50:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.16 13:50:48 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.16 13:50:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.16 13:47:23 | 000,005,100 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2011.12.16 13:47:23 | 000,000,102 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2011.12.16 13:44:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.16 13:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 13:44:26 | 3487,039,488 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.16 13:44:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.12.15 03:24:05 | 000,279,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.09 19:23:57 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.03 12:00:49 | 000,000,680 | ---- | M] () -- C:\Users\chrissi\AppData\Local\d3d9caps.dat
[2011.11.28 21:49:09 | 000,001,835 | ---- | M] () -- C:\Users\chrissi\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.18 21:40:54 | 000,003,763 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 21:49:09 | 000,001,835 | ---- | C] () -- C:\Users\chrissi\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2011.11.22 21:37:16 | 000,000,680 | ---- | C] () -- C:\Users\chrissi\AppData\Local\d3d9caps.dat
[2011.11.17 21:27:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.07.20 13:14:39 | 000,003,763 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2011.07.20 13:14:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2011.07.20 13:14:26 | 000,005,100 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2011.07.20 13:14:24 | 000,000,102 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2011.07.20 13:09:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2011.06.06 20:31:22 | 000,029,696 | ---- | C] () -- C:\Windows\System32\SynCtrld.dll
[2011.05.18 16:18:32 | 002,771,968 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_custom.dll
[2011.05.18 16:18:32 | 001,163,776 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_custom.dll
[2011.05.18 16:18:32 | 000,681,472 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_custom.dll
[2011.05.18 16:18:32 | 000,492,032 | ---- | C] () -- C:\Windows\System32\wxmsw28u_xrc_vc_custom.dll
[2011.05.18 16:18:32 | 000,470,528 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_custom.dll
[2011.05.18 16:18:32 | 000,119,808 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_custom.dll
[2011.05.18 16:18:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_custom.dll
[2011.05.18 10:51:11 | 000,000,136 | ---- | C] () -- C:\ProgramData\~29679352r
[2011.05.18 10:51:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\~29679352
[2011.05.18 10:51:06 | 000,000,392 | ---- | C] () -- C:\ProgramData\29679352
[2011.04.24 14:58:29 | 000,029,239 | ---- | C] () -- C:\Users\chrissi\AppData\Roaming\UserTile.png
[2011.04.20 17:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.04.13 21:01:36 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.24 21:02:41 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.24 21:02:40 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.23 01:44:44 | 000,000,016 | ---- | C] () -- C:\Users\chrissi\AppData\Local\mxfilerelatedcache.mxc2
[2011.01.12 16:53:54 | 000,027,136 | ---- | C] () -- C:\Users\chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 20:43:54 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010.11.27 20:48:31 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.11.15 14:08:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.14 20:45:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.14 20:45:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.07 16:28:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.07 15:55:14 | 000,000,016 | ---- | C] () -- C:\Users\chrissi\AppData\Roaming\mxfilerelatedcache.mxc2
[2010.11.05 19:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.29 02:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.09.07 14:42:42 | 000,000,961 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2009.09.02 08:39:46 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2009.06.17 13:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2007.09.14 09:27:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.09.14 09:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.09.14 08:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007.09.14 08:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007.09.14 08:40:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.09.14 07:25:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.14 07:24:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,279,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

--- --- ---

Und hier Extras.Txt:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.12.2011 16:17:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 44,62% Memory free
6,73 Gb Paging File | 3,97 Gb Available in Paging File | 58,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 132,54 Gb Free Space | 57,02% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 178,45 Gb Free Space | 76,96% Space Free | Partition Type: NTFS
Drive F: | 55,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISSI-PC | User Name: chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064D277C-2B5E-495B-8BDF-4003ECAD095F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{084462B1-16AC-4FDC-9041-93B3B8D73DE6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{13031F3E-A711-49A5-9AE6-D05CA0D9E66F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13C13A6A-AAA2-47D3-8BD8-D21BA77E1062}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{248ACD20-6446-4D68-8712-F8B2E0B75DEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29C0FB97-D42A-4C6E-A7A7-2C3B62CF5A66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35CA62E4-07A4-4687-8B5C-7D1D7055AD78}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C72AF5E-5D56-4080-B0A6-21E52A0A9A9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FA86441-5A8B-42BD-B5DA-5E33ED577C66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{48B35770-35ED-46EF-BBC7-C7940DB709F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4EA3BA4F-9CD5-47AE-B05E-396110C72BC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4ED4E4B4-72A8-45A6-84DB-10923A5746C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{52ED4731-8C11-4FC7-B8F9-08EE1B6F1812}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{537E24DE-FCD4-433B-91B8-7A99B1EC30E0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{66E0ACED-35CF-4635-9B55-1377ABAB012E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7AE1463E-6C81-48C1-8145-D94D1C58BC60}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{7BF7F4B2-C26B-4EFE-B0A6-DDECABD98C53}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7F16868E-C9A0-4065-B5FF-A908BE20626D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{84AC8888-F035-426E-8DC6-8829D4437EE0}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{8A1F645C-7D2B-402A-A99F-07AD8B56DB2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9410A213-348C-42B2-9F2F-F67ED3CA3C16}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A0FCE890-F079-46E9-B183-CBADECD7C761}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A277DAB5-1EDF-4B88-BAC4-277DF78AC08E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA4E41E7-97F0-412E-95F7-A3DD3502B143}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AC254002-BB55-4AF2-A522-C9CE640998E4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B4843945-489A-4DB4-BF9A-34F1386CE0AF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B49D5132-7AB9-4F82-BB74-3392B4CC22F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC13D5BE-C47F-481A-B9F0-5144B14163A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD6D8D00-E03E-4924-95A1-420927185B01}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F269117A-991E-4D40-A3B2-AFCA56112B6B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074737B2-409A-487D-9957-121CBD1EA48A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0851617E-5B0C-4A9A-AA60-B12EF63DA3AA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{0A953E24-BF5A-4330-A6A7-709219C54E5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0CEA3D9A-4C17-45B2-B135-87641E9EFDC2}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{1202C8D9-AE26-4544-A929-5648685D8B1B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1E8830FF-32D1-4AD2-B88F-F802E6EE7027}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{24A65FAB-9906-4B5F-BEEE-16DD1987F4E6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{25733426-1A51-4E6B-8096-0234312AB94F}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{29DAF9D5-F42D-4B57-B5FA-DBD4DEA102B4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2ADECDCE-30CD-4E01-B0C6-228563F6D419}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2B6AC8D4-DE2D-49C7-BE48-C1716E44A26A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2C3E90DD-9075-4446-B54B-008C6C63FCA9}" = protocol=17 | dir=in | app=e:\lol\air\lolclient.exe | 
"{2CE58316-76DF-44FD-AE80-7BC3971E2B72}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2CF6AE8A-37EB-4148-B245-8E285F065AA9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{30FE187F-537A-456A-8968-8006F3E04C02}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{3B41FF2F-9247-43F8-A795-222B2E30A760}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{49BF9886-405B-40E2-B0E2-2E663D5F8D2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{4E627823-3D53-44F9-9A82-F7B2AA601DE3}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{5237AE6F-A1FA-44FD-BD8B-8C7AC3A0A1D5}" = protocol=6 | dir=in | app=e:\lol\air\lolclient.exe | 
"{56531CDF-DBBF-409C-9D6E-69C571D1EA61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{56916305-0F5C-42A9-8CE5-ABD671F77715}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5969E05C-6116-4987-BE7D-0144ED667F1A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5A96F0B9-7DCB-490E-AB9C-7E110673628C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{5AD1CD0A-65E2-45CE-B16B-1D6BCE8E6C69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BE5274C-25D3-4D7A-B605-40F4B1AE8EC8}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{603D2E58-DE8E-4DEC-9F54-59B5E8CACE6F}" = protocol=6 | dir=in | app=e:\neuer ordner\battlefield 3™\bf3.exe | 
"{636CBEFE-2024-47DD-A11D-215A0A3B1FE4}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{65EB8D6D-9444-4987-BE67-CB2E0E0066F3}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{67471619-4D3F-4E02-ABFA-AEC27EDBC90C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{68F1B1D5-F84C-4405-8675-B19E37C40E47}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6ADF50DF-1D23-4E78-BF18-035FA7E9CE83}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{71C67CBF-194E-40BB-ACCB-DF55AFC7D45F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7B6CEAC2-3327-433B-A334-4AB4657AA083}" = protocol=17 | dir=in | app=e:\games\cod 4\iw3mp.exe | 
"{7B93AFB9-47F4-43D5-BAF6-D6327B9BC456}" = protocol=17 | dir=in | app=c:\users\chrissi\appdata\local\akamai\netsession_win.exe | 
"{80767071-7349-4059-8E75-B0BF99E230D7}" = protocol=6 | dir=in | app=c:\users\chrissi\appdata\local\akamai\netsession_win.exe | 
"{81F6AF84-63B4-4B40-96DA-3A9A3D3B35F6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{87BBB1B8-A344-4E0F-9233-6DF7546950E5}" = protocol=6 | dir=in | app=e:\games\cod 4\iw3mp.exe | 
"{905D8CC2-E518-4F12-B938-8DE8A1D3E6C6}" = protocol=6 | dir=in | app=e:\lol\game\league of legends.exe | 
"{957B2E8E-5EF8-42EF-969C-9EC58C56B6CB}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{9877DFCE-938D-41C4-9A89-E14797934772}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9DDDD455-E585-460A-A659-04BA89C7E776}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{A34F5E76-C9C4-4FD3-ABFF-62BF437416A4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{A8D17BA6-35A9-4289-AE54-4808161D8CA8}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"{ADAFA745-2C4D-4A49-84F7-3D24F5A60F79}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{ADFF0A6D-DC66-4531-A5B0-66B2B0AD1B42}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{AFFC792F-BAFF-48DB-8DBE-0800B7D6B698}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1F6F35B-474C-4F70-B625-578E128AD749}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B64F4DB8-E6F7-4089-8D25-E71A241C058A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C0A12C6B-C9D3-43F7-96FB-A807FF73F2F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{C8D6DECF-69BB-4DF4-B8E0-A1EA84A65CED}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{CD83C0C6-8056-46BE-B2A4-BCFE354C8BAA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D0F786F7-3433-41BA-9235-3BD8B3331663}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D32C5F1B-109C-4A68-87CA-0091A65A16D0}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{D79FC7A6-B87D-40A3-B01B-801771E2DEB6}" = protocol=17 | dir=in | app=e:\lol\game\league of legends.exe | 
"{DAD9539C-7631-4546-93FE-EEAA6F0FFA78}" = protocol=17 | dir=in | app=e:\neuer ordner\battlefield 3™\bf3.exe | 
"{DE23916D-4CED-491D-9620-8A8E5AC722F6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{E163CE18-BEF9-4D5B-B645-342DB0EB70CB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E39BA6BA-BE23-4454-B239-AFAD66FDD48C}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{FF13099D-C70A-46FE-B917-B02B44AA5B75}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"TCP Query User{15A2863C-B2E3-4049-96A2-D95DE50EF82B}E:\lol-recorder\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=e:\lol-recorder\lolreplay\lolreplay.exe | 
"TCP Query User{165FE0D7-B93F-4206-879C-B0D97823B8FE}C:\users\chrissi\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=6 | dir=in | app=c:\users\chrissi\downloads\runes_of_magic_4_0_1_2430_eu_full.exe | 
"TCP Query User{28AC6C9D-B224-4EB8-A9D5-5E7FAC0C5D8C}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{6D26FBB5-CB46-48C9-A24A-8A7624261F12}E:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{78BBB590-115D-4194-B4FC-254AD2CECF48}C:\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\wolfteam\wolfteam.bin | 
"TCP Query User{7A87285C-22DF-406D-BDD4-E8DCAAA89F07}E:\lol-replay-recorder\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=e:\lol-replay-recorder\lolreplay\lolreplay.exe | 
"TCP Query User{7DC47451-5A96-4190-97C9-37204E30AF4E}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{8F3586E6-433B-42EB-BF4F-DCC0A98386D8}E:\cod\cod !\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\cod\cod !\call of duty black ops\blackops.exe | 
"TCP Query User{935F9038-BAEF-43BD-9AB2-FD5BA8AA5387}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"TCP Query User{938A6979-E1FC-4923-B608-81C8EF58DD65}E:\games\ut\system\unrealtournament.exe" = protocol=6 | dir=in | app=e:\games\ut\system\unrealtournament.exe | 
"TCP Query User{986570D6-D4BA-4991-8900-49C18DC8BDB1}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{B0E8905C-E2E9-42B7-ABCF-749EBEF79CD2}E:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{C6B07E16-BA0F-46E6-8288-5A4534C430B2}E:\games\css\hl2.exe" = protocol=6 | dir=in | app=e:\games\css\hl2.exe | 
"TCP Query User{C6E7FFE9-4867-4EE4-AF70-50E82331C90E}E:\lol.launcher.exe" = protocol=6 | dir=in | app=e:\lol.launcher.exe | 
"TCP Query User{D58BB7FD-EAD3-410D-A1D8-D34A03FFE8A9}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{E107C792-255C-4B6D-B02A-0AA8D3491CAD}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"TCP Query User{EB1AC76D-0928-473B-AA9E-A31F0BB1E20C}E:\games\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=e:\games\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{EB1AECC5-6940-42EC-8514-EE2C50B4A60F}E:\games\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\games\metin2\metin2.bin | 
"UDP Query User{05924FCB-9496-4A6A-8EF3-A05D6BF3C24B}E:\lol-replay-recorder\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=e:\lol-replay-recorder\lolreplay\lolreplay.exe | 
"UDP Query User{0D7C2E51-B0F6-48B9-B0E5-57F737E57BC1}E:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{3679ACF5-D3D0-4D60-80CA-58109A0A679B}E:\games\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=e:\games\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{39199FB0-FB18-44EF-8E49-2F8748717A38}E:\lol.launcher.exe" = protocol=17 | dir=in | app=e:\lol.launcher.exe | 
"UDP Query User{4D4687FE-DA70-44CF-9D72-1C2619D3F8EE}C:\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\wolfteam\wolfteam.bin | 
"UDP Query User{5A573AC6-E6BB-4605-9CD9-6536B589BF0E}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{5A7C18C0-7D10-4E17-AC23-86688378DA3C}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{6FC7088E-28C9-4058-8E32-FF89A6435349}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"UDP Query User{7456844D-FF1C-4EC5-BDB9-708E13DAA7F6}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{75A4774C-A191-4392-BC42-1BE266324731}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{8296B8C3-35E5-407B-A693-3B529A89A1C9}E:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{95E46AB0-F41D-42A3-9AE1-CC8E07FFED33}C:\users\chrissi\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=17 | dir=in | app=c:\users\chrissi\downloads\runes_of_magic_4_0_1_2430_eu_full.exe | 
"UDP Query User{AA4B7932-B010-4434-A0A6-6E620A670B5B}E:\lol-recorder\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=e:\lol-recorder\lolreplay\lolreplay.exe | 
"UDP Query User{C7327AA3-7D4F-4E16-9AAC-835CFEC0026B}E:\games\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\games\metin2\metin2.bin | 
"UDP Query User{CA13CD93-FC2D-4FE5-875E-D5164394AF49}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe | 
"UDP Query User{E0782B51-7C83-4C09-AE23-A35B45A9DBD6}E:\cod\cod !\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\cod\cod !\call of duty black ops\blackops.exe | 
"UDP Query User{E9B8EB43-5404-4562-AD9F-14A6D0C2FFFA}E:\games\ut\system\unrealtournament.exe" = protocol=17 | dir=in | app=e:\games\ut\system\unrealtournament.exe | 
"UDP Query User{ED8F4D3E-69F2-40CB-B826-819E8EEF4DAC}E:\games\css\hl2.exe" = protocol=17 | dir=in | app=e:\games\css\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7AAD31-0E7F-8330-5BDF-C6D6465E62C2}" = CCC Help Swedish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}" = xVideoServiceThief
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25887983-54F3-4F55-A7C5-91229AD67C16}" = Bluesoleil 5.4.277.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2A43E9C5-0067-1F86-0F77-DD46F2F45ED8}" = CCC Help Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{35B99438-30FE-1A05-A578-B4DCA5FFBBB2}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40874EDE-B8A9-6A31-4A52-C288C324AE04}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D76D3E3-3670-E2E1-F076-9E9FA8F56EDD}" = CCC Help Korean
"{51B4514C-C575-9ED8-6712-C91285595B9F}" = CCC Help Italian
"{54D60FD0-ADAF-415A-8D65-9AB9681D4888}" = SanDisk ® Media Manager
"{55884B14-DB87-6F29-0FF4-A0D9B397D66B}" = CCC Help Norwegian
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62EB454C-0F75-F3D1-B9A7-699697FCF786}" = CCC Help Danish
"{638F06F3-ADE3-0ABC-6AC5-B84C9333D881}" = CCC Help English
"{66CB1CC0-2D07-1F72-645B-37D67A8C5F7C}" = CCC Help Chinese Standard
"{67B71FB9-B707-E4A1-7F53-5DC9DB1B6659}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BD07FEF-356B-F42A-4D64-09705FBEEAF6}" = Catalyst Control Center Localization All
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7A22584B-5E01-AB78-C592-83C048D84502}" = CCC Help Hungarian
"{82CFE8BE-7E1E-B4D3-7F72-4E2C4558A6BE}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{840E5EC4-8D97-FC73-B2AF-8D16715AE063}" = CCC Help French
"{875B4BC4-9DCF-9F13-0276-90E42F51ABF5}" = CCC Help Greek
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{984700C4-F25E-28CD-42B6-6A383ACD3C5F}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2A9984E-4653-C01E-1940-DAABC39EEF83}" = ccc-utility
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A35DF9A4-0EAC-BC11-728C-5ED4E0FE8BA4}" = CCC Help Czech
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AE9CEE97-0769-0459-73F3-6EF150A094F5}" = Catalyst Control Center Graphics Previews Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6C2A26A-71A6-6FE7-AC99-7EDB9B867D7F}" = CCC Help Turkish
"{BACBDBE8-5DAC-D47A-D2E3-E9FE6772DA1B}" = CCC Help Thai
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0EC7B14-C363-8FCF-728E-A94144B31518}" = AMD Catalyst Install Manager
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79122EB-CC8D-5F75-98DB-9A0D3EC138AE}" = AMD VISION Engine Control Center
"{DB42F91B-5E22-F0F5-6D99-55A7BC85B412}" = CCC Help Japanese
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E82B4787-A055-8A14-8FA9-A184197B0D27}" = AMD AVIVO Codecs
"{EE6CC1D0-C6A5-46F8-BBA5-84643A7E6FDC}" = CCC Help Russian
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B305E7-07AD-E146-0335-1973B9C39C29}" = AMD Fuel
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8004A5-E87B-F61F-5619-31660A8DE97B}" = CCC Help Spanish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Daten-Retter_Daten-Retter_is1" = Daten-Retter
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Fraps" = Fraps
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free Video to Nokia Phones Converter_is1" = Free Video to Nokia Phones Converter version 2.2.12.305
"hon" = Heroes of Newerth
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Logitech Vid" = Logitech Vid HD
"LOLReplay" = LOLReplay
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"myphotobook" = myphotobook 3.1
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WolfTeam-DE" = WolfTeam-DE
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GeoGebra WebStart" = GeoGebra WebStart
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2011 12:01:25 | Computer Name = chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
 0x4cb73436, Ausnahmecode 0xc0000008, Fehleroffset 0x00074548,  Prozess-ID 0x660, 
Anwendungsstartzeit 01ccb29dd0951a6d.
 
Error - 04.12.2011 13:01:43 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1468  Anfangszeit: 01ccb2a633047fdd  Zeitpunkt
 der Beendigung: 0
 
Error - 04.12.2011 13:07:30 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1190  Anfangszeit: 01ccb2a6f52d64fd  Zeitpunkt
 der Beendigung: 4
 
Error - 04.12.2011 13:07:36 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.6.0.5620 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 15e0  Anfangszeit: 01ccb2a6319d103d  Zeitpunkt der Beendigung:
 4
 
Error - 04.12.2011 13:13:44 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.6.0.5620 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 11b0  Anfangszeit: 01ccb2a73ab2067d  Zeitpunkt der Beendigung:
 10
 
Error - 04.12.2011 13:14:22 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1680  Anfangszeit: 01ccb2a8155f516d  Zeitpunkt
 der Beendigung: 3
 
Error - 04.12.2011 13:43:40 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.6.0.5620 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 113c  Anfangszeit: 01ccb2ac0f75048d  Zeitpunkt der Beendigung:
 0
 
Error - 04.12.2011 13:43:53 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: d08  Anfangszeit: 01ccb2ac16dbcb0d  Zeitpunkt
 der Beendigung: 0
 
Error - 04.12.2011 13:44:03 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1200  Anfangszeit: 01ccb2ac4b6e694d  Zeitpunkt
 der Beendigung: 16
 
Error - 04.12.2011 13:45:02 | Computer Name = chrissi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: e54  Anfangszeit: 01ccb2ac58bb518d  Zeitpunkt
 der Beendigung: 0
 
[ System Events ]
Error - 15.12.2011 14:19:42 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.12.2011 14:19:42 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.12.2011 14:19:42 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.12.2011 18:44:32 | Computer Name = chrissi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2011 08:44:48 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.12.2011 08:44:48 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.12.2011 08:44:48 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.12.2011 08:44:48 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.12.2011 08:44:57 | Computer Name = chrissi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.12.2011 08:45:26 | Computer Name = chrissi-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >

--- --- ---

Chris4You · 16.12.2011, 21:26

Hi,

sieht gar nicht so schlecht aus, was macht der Rechner?

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Whooop · 16.12.2011, 23:46

Hier erst mal die OTL Logs:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chrissi
->Temp folder emptied: 133012410 bytes
->Temporary Internet Files folder emptied: 336876082 bytes
->Java cache emptied: 29082870 bytes
->FireFox cache emptied: 63406023 bytes
->Google Chrome cache emptied: 6515406 bytes
->Flash cache emptied: 11603 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40235 bytes
RecycleBin emptied: 1574504 bytes

Total Files Cleaned = 544,00 mb

[EMPTYFLASH]

User: All Users

User: chrissi
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12162011_233616

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.12.2011 16:17:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 44,62% Memory free
6,73 Gb Paging File | 3,97 Gb Available in Paging File | 58,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 132,54 Gb Free Space | 57,02% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 178,45 Gb Free Space | 76,96% Space Free | Partition Type: NTFS
Drive F: | 55,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISSI-PC | User Name: chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\LoL-Replay-Recorder\LOLReplay\LOLRecorder.exe (LOL Replay)
PRC - C:\Users\chrissi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League of Legends.exe ()
PRC - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
PRC - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.0.114\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\LoL-Replay-Recorder\LOLReplay\LOLUtils.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\rads.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League of Legends.exe ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Air.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Launcher.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Compression.dll ()
MOD - E:\LoL-Replay-Recorder\LOLReplay\Recorder.dll ()
MOD - C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\244632c797f8e7997b177a96806afa5c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\525882eedcc1764d44cff3da55c1b047\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Riot Games\League of Legends\rads\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\util.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BTNetFilter) -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "de.search-results.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.14 22:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010.11.05 19:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi\AppData\Roaming\mozilla\Extensions
[2011.12.15 13:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions
[2011.02.04 20:48:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.07 18:00:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.07 18:00:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.24 15:14:47 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\DTToolbar@toolbarnet.com
[2011.05.24 15:14:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\engine@conduit.com
[2011.04.27 20:55:10 | 000,000,000 | ---D | M] (vShare) -- C:\Users\chrissi\AppData\Roaming\mozilla\Firefox\Profiles\r5ioesar.default\extensions\vshare@toolbar
[2011.04.14 09:22:10 | 000,000,873 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\conduit.xml
[2011.05.23 19:34:06 | 000,002,342 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icq-search.xml
[2011.05.17 08:55:20 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-1.xml
[2011.08.16 19:53:06 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-10.xml
[2011.08.18 19:37:16 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-11.xml
[2011.09.02 15:47:50 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-12.xml
[2011.09.07 15:52:40 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-13.xml
[2011.09.22 14:09:35 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-14.xml
[2011.09.27 20:52:34 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-15.xml
[2011.10.04 23:35:34 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-16.xml
[2011.11.08 15:17:23 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-17.xml
[2011.11.14 22:41:26 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-18.xml
[2011.11.14 22:42:27 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-19.xml
[2011.02.21 14:28:02 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-2.xml
[2011.12.09 13:31:58 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-20.xml
[2011.03.03 13:23:30 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-3.xml
[2011.03.05 01:05:01 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-4.xml
[2011.03.23 19:29:11 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-5.xml
[2011.03.27 00:39:11 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-6.xml
[2011.05.29 13:48:36 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-7.xml
[2011.07.04 10:04:31 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-8.xml
[2011.07.15 22:40:50 | 000,000,950 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\icqplugin.xml
[2011.04.27 20:55:28 | 000,001,583 | ---- | M] () -- C:\Users\chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\r5ioesar.default\searchplugins\web-search.xml
[2011.11.10 18:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 18:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.14 22:05:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [Overwolf] C:\Program Files\Overwolf\Overwolf.exe -silent File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAFB8B9-39F3-4C5A-8B14-914E1FA4321D}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4876E1-60D9-4374-A2FB-29351A59450E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\chrissi\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\chrissi\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.02.22 08:47:12 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{23290e40-e685-11df-aa0a-001c2583e192}\Shell - "" = AutoRun
O33 - MountPoints2\{23290e40-e685-11df-aa0a-001c2583e192}\Shell\AutoRun\command - "" = L:\pushinst.exe
O33 - MountPoints2\{ce9c7830-e67e-11df-a43c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce9c7830-e67e-11df-a43c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\DWizard.exe -- [2011.03.08 10:02:08 | 001,046,912 | R--- | M] (D-Link Corp.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.16 16:13:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chrissi\Desktop\OTL.exe
[2011.12.15 03:02:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 03:02:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 03:02:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 03:02:32 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 03:02:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 03:02:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 07:29:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 07:29:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 07:29:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 07:29:42 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 07:29:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 07:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.03 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\Google
[2011.12.03 13:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.12.03 13:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.11.30 17:37:13 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Documents\888poker
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Start Menu
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\Application Data
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2011.11.28 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2011.11.28 21:48:23 | 000,000,000 | ---D | C] -- C:\Users\chrissi\AppData\Roaming\PacificPoker
[2011.11.28 21:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.16 17:01:15 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.16 16:15:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi\Desktop\OTL.exe
[2011.12.16 15:44:36 | 000,005,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 15:44:36 | 000,005,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 15:25:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.16 14:01:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.16 13:54:01 | 000,000,961 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2011.12.16 13:51:02 | 000,000,520 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2011.12.16 13:50:48 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.16 13:50:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.16 13:50:48 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.16 13:50:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.16 13:47:23 | 000,005,100 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2011.12.16 13:47:23 | 000,000,102 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2011.12.16 13:44:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.12.16 13:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 13:44:26 | 3487,039,488 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.16 13:44:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.12.15 03:24:05 | 000,279,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.09 19:23:57 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.03 12:00:49 | 000,000,680 | ---- | M] () -- C:\Users\chrissi\AppData\Local\d3d9caps.dat
[2011.11.28 21:49:09 | 000,001,835 | ---- | M] () -- C:\Users\chrissi\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.18 21:40:54 | 000,003,763 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 21:49:09 | 000,001,835 | ---- | C] () -- C:\Users\chrissi\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2011.11.22 21:37:16 | 000,000,680 | ---- | C] () -- C:\Users\chrissi\AppData\Local\d3d9caps.dat
[2011.11.17 21:27:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.07.20 13:14:39 | 000,003,763 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2011.07.20 13:14:29 | 000,000,520 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2011.07.20 13:14:26 | 000,005,100 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2011.07.20 13:14:24 | 000,000,102 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2011.07.20 13:09:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2011.06.06 20:31:22 | 000,029,696 | ---- | C] () -- C:\Windows\System32\SynCtrld.dll
[2011.05.18 16:18:32 | 002,771,968 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_custom.dll
[2011.05.18 16:18:32 | 001,163,776 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_custom.dll
[2011.05.18 16:18:32 | 000,681,472 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_custom.dll
[2011.05.18 16:18:32 | 000,492,032 | ---- | C] () -- C:\Windows\System32\wxmsw28u_xrc_vc_custom.dll
[2011.05.18 16:18:32 | 000,470,528 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_custom.dll
[2011.05.18 16:18:32 | 000,119,808 | ---- | C] () -- C:\Windows\System32\wxbase28u_net_vc_custom.dll
[2011.05.18 16:18:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_custom.dll
[2011.05.18 10:51:11 | 000,000,136 | ---- | C] () -- C:\ProgramData\~29679352r
[2011.05.18 10:51:11 | 000,000,112 | ---- | C] () -- C:\ProgramData\~29679352
[2011.05.18 10:51:06 | 000,000,392 | ---- | C] () -- C:\ProgramData\29679352
[2011.04.24 14:58:29 | 000,029,239 | ---- | C] () -- C:\Users\chrissi\AppData\Roaming\UserTile.png
[2011.04.20 17:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.04.13 21:01:36 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.24 21:02:41 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.24 21:02:40 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.23 01:44:44 | 000,000,016 | ---- | C] () -- C:\Users\chrissi\AppData\Local\mxfilerelatedcache.mxc2
[2011.01.12 16:53:54 | 000,027,136 | ---- | C] () -- C:\Users\chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 20:43:54 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010.11.27 20:48:31 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.11.15 14:08:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.14 20:45:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.14 20:45:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.07 16:28:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.07 15:55:14 | 000,000,016 | ---- | C] () -- C:\Users\chrissi\AppData\Roaming\mxfilerelatedcache.mxc2
[2010.11.05 19:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.29 02:13:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.09.07 14:42:42 | 000,000,961 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2009.09.02 08:39:46 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2009.06.17 13:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2007.09.14 09:27:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.09.14 09:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.09.14 08:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007.09.14 08:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007.09.14 08:40:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.09.14 07:25:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.14 07:24:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 16:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,279,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

--- --- ---

Whooop · 16.12.2011, 23:49

Ok was bedeutet denn "Laden Sie das Archiv TDSSKiller.zip herunter und entpacken Sie es in einen einzelnen Ordner mit einem Archivierungsprogramm (z.B. WinZip) auf dem infizierten (oder potentiell infizierten) Rechner."

Muss ich vorher was bestimmtes mit dem Ordner machen ?

Danke für die tolle bisherige Hilfe!

Whooop · 16.12.2011, 23:54

Ok hier der TDSS-Log:

23:52:13.0864 6040 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:52:13.0963 6040 ============================================================
23:52:13.0963 6040 Current date / time: 2011/12/16 23:52:13.0963
23:52:13.0963 6040 SystemInfo:
23:52:13.0963 6040
23:52:13.0963 6040 OS Version: 6.0.6002 ServicePack: 2.0
23:52:13.0963 6040 Product type: Workstation
23:52:13.0963 6040 ComputerName: CHRISSI-PC
23:52:13.0964 6040 UserName: chrissi
23:52:13.0964 6040 Windows directory: C:\Windows
23:52:13.0964 6040 System windows directory: C:\Windows
23:52:13.0964 6040 Processor architecture: Intel x86
23:52:13.0964 6040 Number of processors: 2
23:52:13.0964 6040 Page size: 0x1000
23:52:13.0964 6040 Boot type: Normal boot
23:52:13.0964 6040 ============================================================
23:52:15.0199 6040 Initialize success
23:52:17.0300 3476 ============================================================
23:52:17.0300 3476 Scan started
23:52:17.0300 3476 Mode: Manual;
23:52:17.0300 3476 ============================================================
23:52:19.0127 3476 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:52:19.0152 3476 ACPI - ok
23:52:19.0212 3476 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:52:19.0372 3476 adp94xx - ok
23:52:19.0407 3476 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:52:19.0457 3476 adpahci - ok
23:52:19.0522 3476 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:52:19.0532 3476 adpu160m - ok
23:52:19.0562 3476 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:52:19.0562 3476 adpu320 - ok
23:52:19.0637 3476 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:52:19.0652 3476 AFD - ok
23:52:19.0682 3476 AgereSoftModem - ok
23:52:19.0760 3476 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:52:19.0760 3476 agp440 - ok
23:52:19.0822 3476 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:52:19.0838 3476 aic78xx - ok
23:52:19.0884 3476 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
23:52:19.0884 3476 aliide - ok
23:52:19.0947 3476 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:52:19.0962 3476 amdagp - ok
23:52:19.0994 3476 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
23:52:20.0009 3476 amdide - ok
23:52:20.0072 3476 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
23:52:20.0072 3476 amdiox86 - ok
23:52:20.0118 3476 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:52:20.0134 3476 AmdK7 - ok
23:52:20.0196 3476 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:52:20.0196 3476 AmdK8 - ok
23:52:20.0493 3476 amdkmdag (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:52:20.0540 3476 amdkmdag - ok
23:52:20.0571 3476 amdkmdap (60643c3abe28015269a62eb3dd4a49f4) C:\Windows\system32\DRIVERS\atikmpag.sys
23:52:20.0571 3476 amdkmdap - ok
23:52:20.0727 3476 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:52:20.0727 3476 arc - ok
23:52:20.0774 3476 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:52:20.0789 3476 arcsas - ok
23:52:20.0852 3476 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:52:20.0852 3476 AsyncMac - ok
23:52:20.0914 3476 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:52:20.0914 3476 atapi - ok
23:52:20.0992 3476 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys
23:52:21.0008 3476 AtiHDAudioService - ok
23:52:21.0320 3476 atikmdag (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:52:21.0351 3476 atikmdag - ok
23:52:21.0460 3476 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:52:21.0476 3476 AtiPcie - ok
23:52:21.0538 3476 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
23:52:21.0538 3476 avgntflt - ok
23:52:21.0588 3476 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
23:52:21.0598 3476 avipbb - ok
23:52:21.0628 3476 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
23:52:21.0638 3476 avkmgr - ok
23:52:21.0718 3476 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
23:52:21.0718 3476 avmeject - ok
23:52:21.0808 3476 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:52:21.0808 3476 Beep - ok
23:52:21.0858 3476 blbdrive - ok
23:52:21.0938 3476 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:52:21.0948 3476 bowser - ok
23:52:22.0008 3476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:52:22.0008 3476 BrFiltLo - ok
23:52:22.0048 3476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:52:22.0048 3476 BrFiltUp - ok
23:52:22.0098 3476 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:52:22.0108 3476 Brserid - ok
23:52:22.0128 3476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:52:22.0128 3476 BrSerWdm - ok
23:52:22.0188 3476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:52:22.0198 3476 BrUsbMdm - ok
23:52:22.0238 3476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:52:22.0248 3476 BrUsbSer - ok
23:52:22.0358 3476 BT (33a331bd56aeaef290e175e926d52c57) C:\Windows\system32\DRIVERS\btnetdrv.sys
23:52:22.0368 3476 BT - ok
23:52:22.0448 3476 Btcsrusb (cd4113699ce34fe4b63c99aaa13f10c1) C:\Windows\system32\Drivers\btcusb.sys
23:52:22.0448 3476 Btcsrusb - ok
23:52:22.0558 3476 BtHidBus (ac2e61482a57ea50730f8c2679f37040) C:\Windows\system32\Drivers\BtHidBus.sys
23:52:22.0568 3476 BtHidBus - ok
23:52:22.0648 3476 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:52:22.0658 3476 BTHMODEM - ok
23:52:22.0788 3476 btnetBUs (6783c5c81bfb640469468a80dfa1ccb3) C:\Windows\system32\Drivers\btnetBus.sys
23:52:22.0788 3476 btnetBUs - ok
23:52:22.0848 3476 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
23:52:22.0858 3476 BTNetFilter - ok
23:52:22.0958 3476 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:52:22.0978 3476 cdfs - ok
23:52:23.0028 3476 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:52:23.0038 3476 cdrom - ok
23:52:23.0088 3476 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:52:23.0098 3476 circlass - ok
23:52:23.0158 3476 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:52:23.0188 3476 CLFS - ok
23:52:23.0248 3476 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
23:52:23.0258 3476 CmBatt - ok
23:52:23.0288 3476 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
23:52:23.0288 3476 cmdide - ok
23:52:23.0348 3476 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:52:23.0358 3476 Compbatt - ok
23:52:23.0378 3476 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:52:23.0388 3476 crcdisk - ok
23:52:23.0418 3476 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:52:23.0428 3476 Crusoe - ok
23:52:23.0478 3476 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:52:23.0478 3476 DfsC - ok
23:52:23.0618 3476 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:52:23.0628 3476 disk - ok
23:52:23.0708 3476 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:52:23.0708 3476 drmkaud - ok
23:52:23.0768 3476 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:52:23.0768 3476 dtsoftbus01 - ok
23:52:23.0838 3476 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:52:23.0858 3476 DXGKrnl - ok
23:52:23.0908 3476 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:52:23.0918 3476 E1G60 - ok
23:52:23.0958 3476 EagleNT - ok
23:52:24.0048 3476 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:52:24.0058 3476 Ecache - ok
23:52:24.0148 3476 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:52:24.0158 3476 elxstor - ok
23:52:24.0238 3476 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:52:24.0238 3476 exfat - ok
23:52:24.0298 3476 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:52:24.0308 3476 fastfat - ok
23:52:24.0368 3476 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:52:24.0378 3476 fdc - ok
23:52:24.0448 3476 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:52:24.0458 3476 FileInfo - ok
23:52:24.0538 3476 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:52:24.0538 3476 Filetrace - ok
23:52:24.0619 3476 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:52:24.0619 3476 flpydisk - ok
23:52:24.0697 3476 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:52:24.0713 3476 FltMgr - ok
23:52:24.0791 3476 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:52:24.0791 3476 Fs_Rec - ok
23:52:24.0838 3476 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
23:52:24.0853 3476 FWLANUSB - ok
23:52:24.0900 3476 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
23:52:24.0916 3476 FwLnk - ok
23:52:24.0947 3476 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:52:24.0962 3476 gagp30kx - ok
23:52:25.0056 3476 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:52:25.0072 3476 HdAudAddService - ok
23:52:25.0150 3476 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:52:25.0165 3476 HDAudBus - ok
23:52:25.0196 3476 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:52:25.0196 3476 HidBth - ok
23:52:25.0259 3476 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:52:25.0274 3476 HidIr - ok
23:52:25.0368 3476 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:52:25.0368 3476 HidUsb - ok
23:52:25.0430 3476 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:52:25.0462 3476 HpCISSs - ok
23:52:25.0657 3476 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:52:25.0692 3476 HTTP - ok
23:52:25.0737 3476 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:52:25.0742 3476 i2omp - ok
23:52:25.0812 3476 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:52:25.0817 3476 i8042prt - ok
23:52:25.0857 3476 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:52:25.0867 3476 iaStorV - ok
23:52:25.0912 3476 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:52:25.0917 3476 iirsp - ok
23:52:26.0022 3476 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
23:52:26.0122 3476 IntcAzAudAddService - ok
23:52:26.0172 3476 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
23:52:26.0177 3476 intelide - ok
23:52:26.0217 3476 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
23:52:26.0222 3476 intelppm - ok
23:52:26.0277 3476 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:52:26.0282 3476 IpFilterDriver - ok
23:52:26.0312 3476 IpInIp - ok
23:52:26.0362 3476 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:52:26.0372 3476 IPMIDRV - ok
23:52:26.0422 3476 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:52:26.0427 3476 IPNAT - ok
23:52:26.0457 3476 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:52:26.0462 3476 IRENUM - ok
23:52:26.0492 3476 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:52:26.0497 3476 isapnp - ok
23:52:26.0552 3476 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:52:26.0557 3476 iScsiPrt - ok
23:52:26.0587 3476 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:52:26.0592 3476 iteatapi - ok
23:52:26.0632 3476 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:52:26.0637 3476 iteraid - ok
23:52:26.0697 3476 IvtBtBUs (01cbb39001afda1152f3fce15ab646ea) C:\Windows\system32\Drivers\IvtBtBus.sys
23:52:26.0702 3476 IvtBtBUs - ok
23:52:26.0742 3476 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:52:26.0747 3476 kbdclass - ok
23:52:26.0777 3476 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:52:26.0782 3476 kbdhid - ok
23:52:26.0832 3476 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
23:52:26.0842 3476 KR10I - ok
23:52:26.0867 3476 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
23:52:26.0877 3476 KR10N - ok
23:52:26.0912 3476 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:52:26.0932 3476 KSecDD - ok
23:52:27.0012 3476 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:52:27.0017 3476 lltdio - ok
23:52:27.0072 3476 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:52:27.0082 3476 LSI_FC - ok
23:52:27.0142 3476 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:52:27.0147 3476 LSI_SAS - ok
23:52:27.0212 3476 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:52:27.0217 3476 LSI_SCSI - ok
23:52:27.0277 3476 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:52:27.0282 3476 luafv - ok
23:52:27.0352 3476 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\Windows\system32\DRIVERS\lvpopflt.sys
23:52:27.0357 3476 lvpopflt - ok
23:52:27.0392 3476 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
23:52:27.0397 3476 LVPr2Mon - ok
23:52:27.0447 3476 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys
23:52:27.0462 3476 LVRS - ok
23:52:27.0611 3476 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys
23:52:27.0752 3476 LVUVC - ok
23:52:27.0845 3476 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
23:52:27.0861 3476 MBAMProtector - ok
23:52:27.0908 3476 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:52:27.0908 3476 megasas - ok
23:52:27.0955 3476 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:52:27.0955 3476 Modem - ok
23:52:28.0033 3476 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:52:28.0033 3476 monitor - ok
23:52:28.0048 3476 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:52:28.0064 3476 mouclass - ok
23:52:28.0111 3476 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:52:28.0111 3476 mouhid - ok
23:52:28.0173 3476 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:52:28.0173 3476 MountMgr - ok
23:52:28.0220 3476 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:52:28.0235 3476 mpio - ok
23:52:28.0298 3476 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:52:28.0298 3476 mpsdrv - ok
23:52:28.0376 3476 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:52:28.0376 3476 Mraid35x - ok
23:52:28.0454 3476 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:52:28.0469 3476 MRxDAV - ok
23:52:28.0532 3476 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:52:28.0547 3476 mrxsmb - ok
23:52:28.0625 3476 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:52:28.0657 3476 mrxsmb10 - ok
23:52:28.0750 3476 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:52:28.0766 3476 mrxsmb20 - ok
23:52:28.0813 3476 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
23:52:28.0813 3476 msahci - ok
23:52:28.0859 3476 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:52:28.0875 3476 msdsm - ok
23:52:28.0984 3476 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:52:29.0000 3476 Msfs - ok
23:52:29.0078 3476 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:52:29.0078 3476 msisadrv - ok
23:52:29.0156 3476 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:52:29.0171 3476 MSKSSRV - ok
23:52:29.0218 3476 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:52:29.0218 3476 MSPCLOCK - ok
23:52:29.0281 3476 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:52:29.0281 3476 MSPQM - ok
23:52:29.0359 3476 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:52:29.0359 3476 MsRPC - ok
23:52:29.0421 3476 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:52:29.0421 3476 mssmbios - ok
23:52:29.0452 3476 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:52:29.0468 3476 MSTEE - ok
23:52:29.0515 3476 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:52:29.0515 3476 Mup - ok
23:52:29.0561 3476 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:52:29.0571 3476 NativeWifiP - ok
23:52:29.0653 3476 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:52:29.0658 3476 NDIS - ok
23:52:29.0708 3476 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:52:29.0711 3476 NdisTapi - ok
23:52:29.0771 3476 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:52:29.0776 3476 Ndisuio - ok
23:52:29.0838 3476 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:52:29.0846 3476 NdisWan - ok
23:52:29.0903 3476 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:52:29.0908 3476 NDProxy - ok
23:52:29.0973 3476 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:52:29.0978 3476 NetBIOS - ok
23:52:30.0051 3476 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:52:30.0063 3476 netbt - ok
23:52:30.0098 3476 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:52:30.0116 3476 nfrd960 - ok
23:52:30.0158 3476 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:52:30.0163 3476 Npfs - ok
23:52:30.0238 3476 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:52:30.0241 3476 nsiproxy - ok
23:52:30.0318 3476 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:52:30.0323 3476 Ntfs - ok
23:52:30.0356 3476 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:52:30.0358 3476 ntrigdigi - ok
23:52:30.0426 3476 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:52:30.0428 3476 Null - ok
23:52:30.0493 3476 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:52:30.0493 3476 nvraid - ok
23:52:30.0526 3476 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:52:30.0531 3476 nvstor - ok
23:52:30.0561 3476 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:52:30.0561 3476 nv_agp - ok
23:52:30.0593 3476 NwlnkFlt - ok
23:52:30.0616 3476 NwlnkFwd - ok
23:52:30.0718 3476 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:52:30.0718 3476 ohci1394 - ok
23:52:30.0801 3476 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
23:52:30.0806 3476 Parport - ok
23:52:30.0856 3476 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:52:30.0863 3476 partmgr - ok
23:52:30.0898 3476 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
23:52:30.0901 3476 Parvdm - ok
23:52:30.0968 3476 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:52:30.0971 3476 pci - ok
23:52:31.0011 3476 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:52:31.0013 3476 pciide - ok
23:52:31.0056 3476 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:52:31.0066 3476 pcmcia - ok
23:52:31.0146 3476 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:52:31.0218 3476 PEAUTH - ok
23:52:31.0373 3476 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:52:31.0381 3476 PptpMiniport - ok
23:52:31.0416 3476 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:52:31.0421 3476 Processor - ok
23:52:31.0488 3476 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:52:31.0496 3476 PSched - ok
23:52:31.0551 3476 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:52:31.0561 3476 ql2300 - ok
23:52:31.0606 3476 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:52:31.0616 3476 ql40xx - ok
23:52:31.0681 3476 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:52:31.0686 3476 QWAVEdrv - ok
23:52:31.0738 3476 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:52:31.0741 3476 RasAcd - ok
23:52:31.0808 3476 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:52:31.0816 3476 Rasl2tp - ok
23:52:31.0861 3476 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:52:31.0866 3476 RasPppoe - ok
23:52:31.0933 3476 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:52:31.0941 3476 RasSstp - ok
23:52:32.0006 3476 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:52:32.0018 3476 rdbss - ok
23:52:32.0068 3476 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:52:32.0073 3476 RDPCDD - ok
23:52:32.0168 3476 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:52:32.0213 3476 rdpdr - ok
23:52:32.0243 3476 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:52:32.0251 3476 RDPENCDD - ok
23:52:32.0341 3476 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:52:32.0356 3476 RDPWD - ok
23:52:32.0434 3476 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
23:52:32.0450 3476 rimmptsk - ok
23:52:32.0512 3476 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:52:32.0512 3476 rimsptsk - ok
23:52:32.0543 3476 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
23:52:32.0559 3476 rismxdp - ok
23:52:32.0653 3476 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
23:52:32.0653 3476 ROOTMODEM - ok
23:52:32.0731 3476 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:52:32.0746 3476 rspndr - ok
23:52:32.0793 3476 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:52:32.0809 3476 RTL8169 - ok
23:52:32.0840 3476 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:52:32.0855 3476 sbp2port - ok
23:52:32.0918 3476 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
23:52:32.0933 3476 sdbus - ok
23:52:32.0949 3476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:52:32.0949 3476 secdrv - ok
23:52:32.0996 3476 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
23:52:32.0996 3476 Serenum - ok
23:52:33.0027 3476 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
23:52:33.0027 3476 Serial - ok
23:52:33.0058 3476 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:52:33.0074 3476 sermouse - ok
23:52:33.0105 3476 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:52:33.0105 3476 sffdisk - ok
23:52:33.0136 3476 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:52:33.0136 3476 sffp_mmc - ok
23:52:33.0152 3476 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:52:33.0167 3476 sffp_sd - ok
23:52:33.0183 3476 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:52:33.0199 3476 sfloppy - ok
23:52:33.0261 3476 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:52:33.0261 3476 sisagp - ok
23:52:33.0292 3476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:52:33.0308 3476 SiSRaid2 - ok
23:52:33.0339 3476 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:52:33.0355 3476 SiSRaid4 - ok
23:52:33.0417 3476 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:52:33.0433 3476 Smb - ok
23:52:33.0542 3476 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:52:33.0542 3476 spldr - ok
23:52:33.0620 3476 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:52:33.0635 3476 srv - ok
23:52:33.0698 3476 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:52:33.0713 3476 srv2 - ok
23:52:33.0760 3476 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:52:33.0760 3476 srvnet - ok
23:52:33.0838 3476 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:52:33.0854 3476 ssmdrv - ok
23:52:33.0947 3476 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:52:33.0947 3476 swenum - ok
23:52:34.0004 3476 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:52:34.0004 3476 Symc8xx - ok
23:52:34.0064 3476 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:52:34.0064 3476 Sym_hi - ok
23:52:34.0104 3476 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:52:34.0104 3476 Sym_u3 - ok
23:52:34.0159 3476 SynTP (11f730bf0d0aa4fe7de7138a32a52422) C:\Windows\system32\DRIVERS\SynTP.sys
23:52:34.0174 3476 SynTP - ok
23:52:34.0274 3476 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:52:34.0334 3476 Tcpip - ok
23:52:34.0419 3476 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:52:34.0424 3476 Tcpip6 - ok
23:52:34.0464 3476 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:52:34.0469 3476 tcpipreg - ok
23:52:34.0534 3476 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:52:34.0534 3476 TDPIPE - ok
23:52:34.0594 3476 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:52:34.0599 3476 TDTCP - ok
23:52:34.0689 3476 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:52:34.0704 3476 tdx - ok
23:52:34.0769 3476 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:52:34.0784 3476 TermDD - ok
23:52:34.0909 3476 Tosrfcom - ok
23:52:34.0969 3476 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
23:52:34.0969 3476 tosrfec - ok
23:52:35.0034 3476 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:52:35.0049 3476 tos_sps32 - ok
23:52:35.0119 3476 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:52:35.0129 3476 tssecsrv - ok
23:52:35.0199 3476 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:52:35.0204 3476 tunmp - ok
23:52:35.0239 3476 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:52:35.0239 3476 tunnel - ok
23:52:35.0289 3476 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:52:35.0299 3476 uagp35 - ok
23:52:35.0394 3476 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:52:35.0424 3476 udfs - ok
23:52:35.0489 3476 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:52:35.0504 3476 uliagpkx - ok
23:52:35.0559 3476 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:52:35.0589 3476 uliahci - ok
23:52:35.0639 3476 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:52:35.0654 3476 UlSata - ok
23:52:35.0709 3476 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:52:35.0734 3476 ulsata2 - ok
23:52:35.0819 3476 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:52:35.0824 3476 umbus - ok
23:52:35.0889 3476 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:52:35.0894 3476 usbaudio - ok
23:52:35.0954 3476 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:52:35.0959 3476 usbccgp - ok
23:52:36.0014 3476 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:52:36.0014 3476 usbcir - ok
23:52:36.0084 3476 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:52:36.0089 3476 usbehci - ok
23:52:36.0124 3476 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:52:36.0134 3476 usbhub - ok
23:52:36.0159 3476 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:52:36.0164 3476 usbohci - ok
23:52:36.0225 3476 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
23:52:36.0241 3476 usbprint - ok
23:52:36.0303 3476 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:52:36.0303 3476 USBSTOR - ok
23:52:36.0319 3476 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:52:36.0319 3476 usbuhci - ok
23:52:36.0366 3476 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:52:36.0366 3476 usbvideo - ok
23:52:36.0413 3476 VComm (025c2a8cba0ab595d3461d278eff5793) C:\Windows\system32\DRIVERS\VComm.sys
23:52:36.0413 3476 VComm - ok
23:52:36.0459 3476 VcommMgr (95ddf14292354887d7d8c8a0881c7485) C:\Windows\system32\Drivers\VcommMgr.sys
23:52:36.0459 3476 VcommMgr - ok
23:52:36.0491 3476 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:52:36.0506 3476 vga - ok
23:52:36.0537 3476 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:52:36.0553 3476 VgaSave - ok
23:52:36.0569 3476 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:52:36.0584 3476 viaagp - ok
23:52:36.0615 3476 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:52:36.0631 3476 ViaC7 - ok
23:52:36.0693 3476 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:52:36.0693 3476 viaide - ok
23:52:36.0756 3476 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:52:36.0756 3476 volmgr - ok
23:52:36.0818 3476 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:52:36.0849 3476 volmgrx - ok
23:52:36.0881 3476 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:52:36.0912 3476 volsnap - ok
23:52:36.0943 3476 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:52:36.0943 3476 vsmraid - ok
23:52:36.0990 3476 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:52:37.0005 3476 WacomPen - ok
23:52:37.0052 3476 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:37.0052 3476 Wanarp - ok
23:52:37.0052 3476 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:37.0052 3476 Wanarpv6 - ok
23:52:37.0083 3476 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:52:37.0099 3476 Wd - ok
23:52:37.0177 3476 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:52:37.0193 3476 Wdf01000 - ok
23:52:37.0286 3476 wlemiv - ok
23:52:37.0333 3476 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:52:37.0333 3476 WmiAcpi - ok
23:52:37.0380 3476 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:52:37.0380 3476 WpdUsb - ok
23:52:37.0427 3476 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:52:37.0442 3476 ws2ifsl - ok
23:52:37.0505 3476 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:52:37.0520 3476 WUDFRd - ok
23:52:37.0614 3476 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
23:52:37.0614 3476 yukonwlh - ok
23:52:37.0661 3476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:52:37.0676 3476 \Device\Harddisk0\DR0 - ok
23:52:37.0676 3476 Boot (0x1200) (76671ff34b8244ac7dbabe02025b8c87) \Device\Harddisk0\DR0\Partition0
23:52:37.0676 3476 \Device\Harddisk0\DR0\Partition0 - ok
23:52:37.0723 3476 Boot (0x1200) (6a56a42e9e2ee507bb36494b08e316bf) \Device\Harddisk0\DR0\Partition1
23:52:37.0723 3476 \Device\Harddisk0\DR0\Partition1 - ok
23:52:37.0723 3476 ============================================================
23:52:37.0723 3476 Scan finished
23:52:37.0723 3476 ============================================================
23:52:37.0754 5788 Detected object count: 0
23:52:37.0754 5788 Actual detected object count: 0

Chris4You · 17.12.2011, 14:29

Hi,

was treibt der Rechner?

chris

Whooop · 17.12.2011, 15:58

Hi, der trojaner ist glaube ich immernoch drauf, da ich heute mal wieder Spybot laufen ließ und der trojaner immernoch gefunden wurde. Weist du noch wie es weiter gehen soll ? Bin echt ratlos.

Edit: Mir ist außerdem aufgefallen, dass Videos seit gestern ( als ich die ganzen Programme laufen gelassen hab) nurnoch am ruckeln sind. Auch wenn die Antivirenprogramme nicht laufen!

Chris4You · 18.12.2011, 14:30

Hi,

nicht gut, dann schießen wir halt mal schärfer...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet (Spezielle den Spybot)

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Chris

Whooop · 19.12.2011, 17:03

wie schalt ich die antivirenprogramme denn so aus dass sie nachm reboot nicht neustarten?

Chance hoch dass es passieren kann dass ich den PC neu aufsetzen müsste ? Weiß nämlich im moment nicht wie ^^

Chris4You · 19.12.2011, 17:31

Hi,

dient beides zru Sicherheit. CF disabled normalerweise die Scanner von selbst, das CF einen Rechner so zerschießt das er nicht mehr lauffähig ist, ist bisher bei mir einmal passiert (in ca. 3 Jahren)...

Fürs Neuaufsetzen dem Link folgen, Du brauchst dazu eine Windows-CD (bzw. eine Recovery-CD die mit ausgeliefert wrude bzw. erstellt werden kann... je ach OEM befindet sich auch ein entsprechendes Servicevolumen auf der Festplatte)...

chris

Whooop · 19.12.2011, 18:05

also einfach nur antivirenprogramme ausm windowsstartmenü nehmen sodass die nicht von allein starten und dann das programm ausführen :P ok wird gemacht und ich meld mich dann wieder! Danke !

Kann Trojaner "win32.katusha.o " nicht entfernen!

Plagegeister aller Art und deren Bekämpfung: Kann Trojaner "win32.katusha.o " nicht entfernen!