
Log analysis and evaluation: Can't get redirector / adware tracking cookie deleted, Microsoft SE blocked by rundll32


21.06.2012, 15:18   #1
danke
 



Hello everyone,

This is my first forum post, so I apologize in advance for any spelling mistakes and other errors.

I am using Windows 7 Ultimate 64-bit, Service Pack 1.

I am having big problems with my computer.

A few days ago I stupidly downloaded and ran an exe file... There must have been quite a lot hidden in it.

After the double-click the file disappeared, and at every Windows start you could briefly see the command prompt with the title: amd accelerated video transcoding device initialisation

I then uninstalled that via Catalyst, but it didn't help.

I can say with certainty that I have a redirector, and surely more than that...

I use Opera, and from Google it always redirects me.

When the PC boots, Microsoft Security Essentials is not open...

If I end the rundll32 host process under Processes in Task Manager, Microsoft Security Essentials can be started; otherwise it closes again immediately.

In addition, I can no longer connect to my favorite online role-playing game, Eden Eternal.

A few months ago I already had a redirector once, which I successfully killed with TDSS Killer.

I have run Malwarebytes Anti-Malware several times; it no longer finds anything.

Only SUPERAntiSpyware finds an adware tracking cookie again after every restart.

I have also run various online scans.

I have already prepared a few log files; I hope I am posting them correctly here.

Here it comes, the Malwarebytes Anti-Malware quarantine:

hxxp://www10.pic-upload.de/21.06.12/wjpsm322i9ap.png



OTL logfile:
Code:
OTL logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\GUILD WARS\Gw.exe (ArenaNet)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Fab\AppData\Local\Temp\GwA6494.tmp ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COM Service) -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Tosrfhid) -- C:\Windows\SysWOW64\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbd) -- C:\Windows\SysWOW64\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\SysWOW64\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\SysWOW64\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\SysWOW64\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\SysWOW64\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\SysWOW64\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\SysWOW64\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:   File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.19 22:00:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.18 23:05:55 | 000,171,176 | ---- | C] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 17:45:30 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:45:30 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:45:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:45:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:43:29 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[2012.05.22 00:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\Aeria Games
[2012.05.22 00:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.05.22 00:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.05.22 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 22:06:12 | 000,026,786 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 22:06:12 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 22:06:12 | 000,004,382 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 22:01:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 14:36:50 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.06.19 14:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 14:36:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 06:19:47 | 002,109,032 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:42:30 | 000,171,176 | ---- | M] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:17 | 000,850,383 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 17:44:44 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 17:44:44 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 17:44:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 17:44:43 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 17:44:43 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 17:43:38 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe
[2012.06.14 17:32:20 | 001,624,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.14 17:32:20 | 000,709,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:32:20 | 000,662,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:32:20 | 000,153,626 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:32:20 | 000,125,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:32:06 | 001,624,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 01:27:30 | 007,214,239 | ---- | M] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | M] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:24:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 01:24:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.05.29 10:47:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:36:53 | 000,026,786 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.19 14:36:53 | 000,005,598 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.19 14:36:53 | 000,004,382 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.19 06:19:42 | 002,109,032 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 22:04:14 | 000,850,383 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.14 01:27:28 | 007,214,239 | ---- | C] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar
[2012.06.13 03:00:37 | 000,000,612 | ---- | C] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,624,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2011.04.09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.01.28 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.05.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Extras Log:
Code:
OTL Extras logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EF41B0-CAB2-470A-BE02-58C62994F8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C03FC63-0AE1-4FAE-8B81-B033A73F7447}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{11F7058B-800D-4970-BFFA-D9F2751EE613}" = lport=139 | protocol=6 | dir=in | app=system | 
"{178588F0-1F8A-42B4-B530-56DCB7D4DB6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1A6427FB-ADAB-4E9C-A376-6BEC986C5471}" = lport=137 | protocol=17 | dir=in | app=system | 
"{266A12B9-1295-4127-97FD-5E9F018B181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{26DE9AA3-E51D-4051-B540-B90F870ED3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{581D7069-049E-4F1D-8D60-2A60EBA251A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6585C237-A68E-41E1-803D-F08C0B0C7BAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{690B3DB0-23FC-4355-A09C-828065EFD61A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{741F91D2-7ABC-41C5-8EEB-D62C2DDE513A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98D1F993-70B2-4699-B120-0DC1E49B31C2}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{A23EC258-F84B-4401-885C-97668D10EE82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A5C51AC0-E014-44BB-87A6-D51D1404C544}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD6027F0-DB44-4EA6-8898-418E6B8D1DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADBC0A2E-2EE9-43BF-A4D0-52D9AC8EAFB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ADCC6908-15FF-450B-83D5-B32C1E7EB813}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C959795E-BC98-40DD-81D0-719775323F43}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C9A11643-2764-4CFF-9701-AC4540B04984}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD9042B4-AC28-4145-8957-A0DDF32D9AE1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{CD9D8EE6-65EA-4564-8D0A-FBE30B8535CA}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface | 
"{D623C146-4ECE-400C-9C21-113D52E4E56B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D8922840-E9CF-4867-B6E2-53B52091C955}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E14974BC-2AE1-4AE2-9DC7-8B5B26E37EB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E4E4443E-65A3-4C4C-83FD-1B551A8F324F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E6D05149-14A8-4164-BF50-27753EC84CFE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{EC0D9165-2E7D-4A06-9A34-EEA1249BC416}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{ECE92AFE-B286-47AA-B5FC-382536AECA50}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EED8BC73-0341-42F9-9DFC-D34DAFF9B84D}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface | 
"{F03203A7-463C-477A-BCD9-4B207C8AA7E4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F0C8BA13-109F-4CEC-AD5F-0B94ED493C3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC383E-E754-43D0-8325-9257E063AF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{09F746B0-87D8-4B32-A609-7DD7179DB6A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{11FBC199-A243-40C7-843B-D2C1399DBFA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{125091D0-AA6A-4CE7-9368-E8A70077A5CC}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | 
"{1379ED50-F62F-431B-BB64-B00F9582B5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{13A8BD29-D37A-4334-B23B-144BA174AC96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{14D815F2-FE8C-4947-BEFA-D237674DDD60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{176BCD48-06F9-4EBF-A556-A4F6743683FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17ACC1BA-DBA5-42EB-8FB4-8501F680B2C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1DECC78F-4579-4B6A-B4CA-4A4102B1F4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{1F51B874-C061-43DA-ADDD-6FC81646A7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F8A2EDB-AD4C-48E9-8FD6-95C9C5F912BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{22EE52EF-C2AA-4871-A14A-3EDD6822FF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{2DEC0B17-E82E-4C3A-9393-55F50D587EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{2EA01679-A5BB-43C6-A9A9-3FC5E00BF97F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{38306820-5691-4862-9C06-11BA08ED269D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{385BB579-8E89-4188-8B8F-488E3B0B42D8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{40F25EA6-B2D1-4244-A1B2-FDA9C51F524C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{416DFF77-5D8F-4EB0-B117-7254F21F1768}" = protocol=6 | dir=out | app=system | 
"{4377EDCB-EFD6-4F68-AF14-79DEB1B093E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4764E023-B81C-4ED3-8A74-25FE49CA366B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49682710-7B59-4970-B69A-0AD196DA637B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4C227F96-4237-4069-BA5C-61824F85D807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C566F24-1F77-4F7E-9B2A-A09A6E1BBDD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{4C7A56C3-B0B0-466E-911A-06EF46342BCA}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | 
"{4D37F240-74AF-4B2F-9FEC-8E306C7A655E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{4F61D0E1-7C66-4E00-A4AE-FD8245997048}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{563DE42C-FA31-4CAA-83E6-8440CD98FFD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5C3986C7-A275-49DE-9BD8-3A9CC5A6B7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{5F3DFFA2-1F95-471B-BB95-16212902DDFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{64CE7BC5-53A8-4C35-A7D3-118C58CD5286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{68D012D4-EC77-4722-B628-F96C7CEFA910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{6B774879-3A14-44F2-A16B-88B9A340E1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CB74588-476F-40E4-936D-53B2AB371457}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{6E1202A1-8315-4788-9BB6-035C206EE951}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{75198A66-70C1-4128-BA36-5E9E007D668C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{75D02F41-5F26-4D97-9C55-40A83B1566CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7ADB45AD-022B-474B-8129-12D5522E5EA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{7D52E935-95CE-4A8D-98B6-7BF9F493AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | 
"{7F8B91C0-CA76-46E4-A1EE-2FED8CB2BE17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7FC2A7B1-7646-4F6D-BE1B-0742B3B64DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | 
"{7FEED177-8664-4D08-BFC3-AFC571021C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{84CF5879-B40B-47FB-96B5-F78462163A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{873D9CDE-CCC0-4D36-BD12-FAD47F6B533E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88142BA3-7B75-4CBB-8B8D-0EB93E1585E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8E9C6E54-0DC7-4AA5-828C-A0071C05934A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{90A79170-E002-4EE6-95A5-F1BB8FC2BBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{94434C26-1448-4B8A-8044-B593957808A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{953D439F-765F-494E-A2B5-FBBD285B82CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{9AC8D63F-49FD-4B8B-881B-AD71479312E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9F2CBEA9-F6E0-4004-955F-247903196534}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5DBD9DE-F67B-4EC9-A570-8B614D30F988}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A9CC0F2A-5545-48D3-A1DA-6BFDC2DF7A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | 
"{AF62CEBA-2114-4959-B847-B3A225AD8EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{AF92B122-BC71-4CB2-A1EC-48C2486A3D27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AFC9D55A-F513-46B4-A00C-F7D1CBB7BB51}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B0AEAE3F-0F78-4BF4-94DD-15296BCA2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{B4E06326-5D8D-4D3D-B8FA-8DFA1CC4B64B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9FD189F-C4AB-4E31-919B-E3CB9AA5EF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{BA1E0A5D-9A38-4F27-8734-58CBB7223921}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C79F3D64-D5ED-415E-8CAC-35A7C5057251}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{CB5F2B29-43AA-4FE2-8146-50EA06ED5F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{CC86ECB0-DC4B-4350-967F-8A1B69B445BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CD732F82-EA33-42BA-958D-CC3BA86559DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1B75B1C-DB22-4A24-912A-D352BA54D669}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | 
"{D7862D59-C2BF-42E1-89EC-4B2B7920DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{D8228A9D-5651-4515-A4E1-18D585B6C5AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{D8909193-565D-418F-B443-4E6E530D72DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E1713D19-A052-4DDF-B509-01D90FC85B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E190C9C8-AA75-4B8C-8E19-54FF669CA775}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{E4B72983-D2B5-4561-B9CF-76366D5998F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5CF9753-F3E6-4B36-A167-A9E352B953FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E7D8D36F-F577-4413-B8D7-C09F30187A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EA78ED9E-7028-4749-9F8F-154475A4A8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{ED96ADED-92DF-4C35-8BA2-93041AC7E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{EDF229CB-26F4-402B-A241-11AC4BD39994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F733AF3C-2149-42A2-BEF4-A536999C66AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F9BEC370-8756-4966-B98B-1B6DD8863FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{FC80EB70-127E-4964-868B-550095424FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{02EC41FD-6434-4D47-9251-3574A2D8AC10}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe | 
"TCP Query User{180F4CDE-D0E6-4FE6-A744-12A97C0DDB82}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | 
"TCP Query User{186D5C6B-08CA-40F4-B3C6-DFB6355886F9}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe | 
"TCP Query User{19FA06A6-7EA0-4BF5-9A94-033E8A10BDFC}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"TCP Query User{254F1699-BDD7-4122-BBEF-2E6EB28CCE15}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe | 
"TCP Query User{265C4279-8513-4F61-83C4-2D428E3F9694}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe | 
"TCP Query User{29F09BA2-03FE-41E3-B8F0-C8E5117966DD}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe | 
"TCP Query User{360102C7-ADFE-41FA-AC1B-592B28EB6965}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe | 
"TCP Query User{397E11B9-713D-4FB8-9AA7-E30CE9DAE587}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe | 
"TCP Query User{4261E750-B22B-432C-A586-E1DD4BC6D4B3}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe | 
"TCP Query User{4AC25604-EE34-48F9-92C5-8DB18A8FFBF6}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe | 
"TCP Query User{5364CCD5-942C-45E0-AFD4-E3527413D92C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{58E1807B-2D0E-4F5F-BDEC-1638E39588F2}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"TCP Query User{7016029C-CA4B-4717-8F5B-46E773F00E82}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{833DA657-F368-49D9-8ACD-37526A312ECB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{8CBE8C06-B119-4392-9CFD-40C5007947CF}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe | 
"TCP Query User{8D6C454B-1E36-4549-98F6-E8B0F3E2CCAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{9496B09A-C614-4EAD-B854-63BB23D97453}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | 
"TCP Query User{96A9022F-8DF6-447F-9A67-ECD4AA6335BE}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe | 
"TCP Query User{9DFB931E-1C7B-44A3-B705-2422B384F580}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe | 
"TCP Query User{AB7EDAB9-9C0E-4CE0-975C-9B2D62CCFB84}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe | 
"TCP Query User{AE493C6E-835F-4B33-9A3C-E3C790017511}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe | 
"TCP Query User{C8CACC9F-3DC6-49C2-8217-C25523EFA949}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"TCP Query User{CACB0CAC-74D0-4A9B-AF1F-90DA9DAF6442}C:\users\fab\desktop\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe | 
"TCP Query User{DEDC8EFA-2309-4AB3-AD62-F4AE9213FD98}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{E69B075C-2517-4878-9F27-CB3130FE9630}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"TCP Query User{E6FC5A01-738C-43AD-84AC-AA40793B61AD}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{E92686C1-2B94-45F5-BF14-72CBC81B8D02}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe | 
"TCP Query User{EC969529-1FDB-4411-BC54-950829EBE66C}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe | 
"TCP Query User{EE5360FB-5A16-4363-962D-401FCC0B7CF8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F4DE1879-0BBD-47F4-83BC-1053DBF142A3}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe | 
"TCP Query User{FA17EBC4-A2DA-418F-9F75-0C1C1AFD6DE8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{FB711252-9C33-454C-AA34-1E60703E5CC3}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe | 
"UDP Query User{003BEF24-FF28-431B-BF90-3AF2C4EE2E4B}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe | 
"UDP Query User{14058421-C4C2-4043-B4D5-A3051E3A381B}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | 
"UDP Query User{1C607A23-4F2D-471B-A6CD-BFA3063F205F}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe | 
"UDP Query User{2A9A22E5-9A37-492E-9504-4A66E3817AFB}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | 
"UDP Query User{304F0CBE-33AA-4FBD-8905-945767F6A003}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe | 
"UDP Query User{46FC53D3-94F7-44BC-A6FB-CF2DF93B2687}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe | 
"UDP Query User{47EBB217-68F8-4A6E-ADB4-F104569E08EF}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"UDP Query User{4C57B7D2-E759-46FC-A269-8366FA072B54}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{583D3BC1-DED6-4724-B647-01D4237DA918}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe | 
"UDP Query User{5A5D7C04-C593-425F-A1CA-B7B7A8E77900}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe | 
"UDP Query User{5AD7CE38-FDB9-491F-94A4-8115B9C1FA54}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe | 
"UDP Query User{6D130F13-9607-4588-81A8-EE963CA79A52}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe | 
"UDP Query User{73CA9FC0-97BF-4DE2-B87C-CF951C63A6B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | 
"UDP Query User{75E6717A-00FC-4E60-A894-E659AB4DD2F5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{7DEFCA12-A216-44B1-964C-688C60D81A0E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{8F01742C-B5E9-4F1F-ABEA-A9AAF657A749}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe | 
"UDP Query User{90BBCE7C-65DB-4D67-8015-504CF4660BAD}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"UDP Query User{99B5D779-0EB7-41F3-9622-F0D73971349A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9E97F6CC-26DA-4AD2-886B-E2F87F1516BD}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe | 
"UDP Query User{A6F5E34F-B467-4740-985B-43525ADB877E}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe | 
"UDP Query User{A973F2B1-824F-4871-BA58-A50267AEBEE6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"UDP Query User{AF1FF237-AA74-4520-BBD7-50B5E097D43E}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe | 
"UDP Query User{C63538EF-A25B-4C5B-9401-B2327455306B}C:\users\fab\desktop\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe | 
"UDP Query User{C95F16B5-125A-4EE5-BBEF-3E6663590AC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{D60028DB-70B4-43B5-BFC9-929BCEF5003E}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe | 
"UDP Query User{D6E22DED-1CE4-4FFB-94ED-CA4FD9810C77}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe | 
"UDP Query User{E0C6DE29-8E54-4221-80F2-F1FE4BA7A969}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E90F21D2-7515-45C4-B370-131E72C6A784}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{EA06166C-0A6B-4FED-9BD1-12549902A997}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe | 
"UDP Query User{F51E0B3D-303E-46C9-AC75-D002C5A06D98}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{F6E293D4-D798-404D-9331-17F2D59A5037}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe | 
"UDP Query User{FCF14D18-C50A-4D07-9970-BDCF60C14EF2}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe | 
"UDP Query User{FEBBA1AD-5FE6-4FA2-AE19-7D5BA80EF5AA}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.08
"DivX Setup" = DivX-Setup
"DriverCD" = DriverCD
"Eden Eternal" = Eden Eternal
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"G.O.M" = G.O.M
"Guild Wars" = GUILD WARS
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Silkroad" = Silkroad
"Steam App 10" = Counter-Strike
"Steam App 113400" = APB Reloaded
"Steam App 200210" = Realm of the Mad God
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 3.0.9042
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- 
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248456 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- 
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248472 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- 
Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248344 angegeben.
 Der Rückgabecode von ReadEventLog ist 8.
 
Error - 15.06.2012 13:31:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
 0x4fd8b9f9  Ausnahmecode: 0x40000015  Fehleroffset: 0x005dff0a  ID des fehlerhaften Prozesses:
 0x11f4  Startzeit der fehlerhaften Anwendung: 0x01cd4b1b62acf8e7  Pfad der fehlerhaften
 Anwendung: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Pfad des fehlerhaften
 Moduls: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app  Berichtskennung: 01b8d1a8-b710-11e1-9120-00241d2232b9
 
Error - 17.06.2012 21:45:59 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01cd4cee65b87207  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 5a1a16ed-b8e7-11e1-a634-00241d2232b9
 
Error - 18.06.2012 14:47:42 | Computer Name = FAB | Source = Application Hang | ID = 1002
Description = Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd8    Startzeit: 
01cd4d7fb4c985b9    Endzeit: 920    Anwendungspfad: UNKNOWN    Berichts-ID: 0fa1d30a-b976-11e1-a634-00241d2232b9

 
Error - 18.06.2012 15:11:53 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6a2de3c9
ID
 des fehlerhaften Prozesses: 0x1710  Startzeit der fehlerhaften Anwendung: 0x01cd4d82000e2711
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 76078f3c-b979-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:05:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4fd10cda  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00425cd2  ID des fehlerhaften Prozesses:
 0x11cc  Startzeit der fehlerhaften Anwendung: 0x01cd4d868cd2cff2  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress
 2\tf\bin\client.dll  Berichtskennung: 044e84d4-b981-11e1-a634-00241d2232b9
 
Error - 18.06.2012 16:58:50 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: QuickTime.qts, Version: 7.71.80.42, Zeitstempel:
 0x4ea5d656  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ae14  ID des fehlerhaften Prozesses:
 0xe7c  Startzeit der fehlerhaften Anwendung: 0x01cd4d9523bd6df7  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\fabiggen\team fortress 2\hl2.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
Berichtskennung:
 676c3506-b988-11e1-8e46-00241d2232b9
 
Error - 18.06.2012 18:29:23 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd10b64  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fd10baa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67e3e3c9
ID
 des fehlerhaften Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cd4da0da41c80e
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team
 fortress 2\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 0d38cf2c-b995-11e1-8e46-00241d2232b9
 
[ System Events ]
Error - 19.06.2012 08:35:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration
 ist ein Fehler aufgetreten.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen
 werden. Zusätzliche Daten: Fehlerwert: 2147549183.
 
Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:22 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:36:39 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:02 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 19.06.2012 09:12:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >
         
--- --- ---



Hijackthis LOG:


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:39, on 19.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fab\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Internet Explorer.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9380 bytes
         
--- --- ---



Super Anti Spyware Logs:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 12:56 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 00:10:25

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 839
Memory threats detected : 0
Registry items scanned : 66166
Registry threats detected : 0
File items scanned : 9540
File threats detected : 13

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\X0KWUPYL.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R5B0WU9L.txt [ /ads.creative-serving.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\J0Q9W314.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IAFDSU0E.txt [ /nextag.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DGTR8UQJ.txt [ /overture.com ]
C:\USERS\FAB\Cookies\X0KWUPYL.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\J0Q9W314.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\IAFDSU0E.txt [ Cookie:fab@nextag.de/ ]
C:\USERS\FAB\Cookies\DGTR8UQJ.txt [ Cookie:fab@overture.com/ ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BPZ7AME3.txt [ /find.safeseeking.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HAA0QI0W.txt [ /click.get-answers-fast.com ]
C:\USERS\FAB\Cookies\BPZ7AME3.txt [ Cookie:fab@find.safeseeking.com/ ]
C:\USERS\FAB\Cookies\HAA0QI0W.txt [ Cookie:fab@click.get-answers-fast.com/ads-clicktrack/click/ ]




NR 2


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 03:42 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:11:16

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 887
Memory threats detected : 0
Registry items scanned : 66312
Registry threats detected : 0
File items scanned : 97496
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BENLAHXH.txt [ /unitymedia.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OSUXMJNC.txt [ /tracking.quisma.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\KPKOF9KE.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\2X2JB7N1.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9VOJXJAA.txt [ /adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1PD7DNRT.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\XPMCY3CS.txt [ /xml.trafficno.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6FMFEULI.txt [ /overture.com ]
C:\USERS\FAB\Cookies\BENLAHXH.txt [ Cookie:fab@unitymedia.de/ ]
C:\USERS\FAB\Cookies\OSUXMJNC.txt [ Cookie:fab@tracking.quisma.com/ ]
C:\USERS\FAB\Cookies\2X2JB7N1.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\1PD7DNRT.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\6FMFEULI.txt [ Cookie:fab@overture.com/ ]

PUP.MyWebSearch
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[3].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E27O6YM\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UK21F7\api[1].htm [ cache:mywebsearch.com ]






Nr 3




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 04:40 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Custom Scan
Total Scan Time : 00:13:20

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 895
Memory threats detected : 0
Registry items scanned : 66282
Registry threats detected : 0
File items scanned : 7427
File threats detected : 42

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6PC2B5SS.txt [ /traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TYMTHD69.txt [ /ads.bleepingcomputer.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DD560O3Z.txt [ /mm.chitika.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\H5GC1A3D.txt [ /mediaplex.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4ICSKNBG.txt [ /at.atwola.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4JDY54JE.txt [ /ru4.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EBPQXRYF.txt [ /kaspersky.122.2o7.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HMT1VKCJ.txt [ /kontera.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\V75N6P28.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LRRS5APJ.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5ML59VHB.txt [ /lucidmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RVZWAWZB.txt [ /c.atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IUEHJVQ4.txt [ /www.traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\WQUJ46J7.txt [ /247realmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3WXSENB5.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1OH8RXFV.txt [ /apmebf.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R1PHNFTF.txt [ /advertising.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\Y5PAYXJH.txt [ /tracking.3gnet.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LVRKYT79.txt [ /serving-sys.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EPB71HKS.txt [ /adbrite.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SUXFQZIS.txt [ /www.googleadservices.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\A77HX2ZV.txt [ /invitemedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5EG5BUIH.txt [ /ad.360yield.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5R6XKKH3.txt [ /media6degrees.com ]
C:\USERS\FAB\Cookies\6PC2B5SS.txt [ Cookie:fab@traffictrack.de/ ]
C:\USERS\FAB\Cookies\H5GC1A3D.txt [ Cookie:fab@mediaplex.com/ ]
C:\USERS\FAB\Cookies\4ICSKNBG.txt [ Cookie:fab@at.atwola.com/ ]
C:\USERS\FAB\Cookies\4JDY54JE.txt [ Cookie:fab@ru4.com/ ]
C:\USERS\FAB\Cookies\EBPQXRYF.txt [ Cookie:fab@kaspersky.122.2o7.net/ ]
C:\USERS\FAB\Cookies\HMT1VKCJ.txt [ Cookie:fab@kontera.com/ ]
C:\USERS\FAB\Cookies\V75N6P28.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\5ML59VHB.txt [ Cookie:fab@lucidmedia.com/ ]
C:\USERS\FAB\Cookies\RVZWAWZB.txt [ Cookie:fab@c.atdmt.com/ ]
C:\USERS\FAB\Cookies\IUEHJVQ4.txt [ Cookie:fab@www.traffictrack.de/ ]
C:\USERS\FAB\Cookies\WQUJ46J7.txt [ Cookie:fab@247realmedia.com/ ]
C:\USERS\FAB\Cookies\3WXSENB5.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\1OH8RXFV.txt [ Cookie:fab@apmebf.com/ ]
C:\USERS\FAB\Cookies\R1PHNFTF.txt [ Cookie:fab@advertising.com/ ]
C:\USERS\FAB\Cookies\Y5PAYXJH.txt [ Cookie:fab@tracking.3gnet.de/ ]
C:\USERS\FAB\Cookies\LVRKYT79.txt [ Cookie:fab@serving-sys.com/ ]
C:\USERS\FAB\Cookies\EPB71HKS.txt [ Cookie:fab@adbrite.com/ ]
C:\USERS\FAB\Cookies\A77HX2ZV.txt [ Cookie:fab@invitemedia.com/ ]


NR 4


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 02:48 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:22:02

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 66217
Registry threats detected : 0
File items scanned : 95542
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\QGWPO1R8.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3UTKQ21H.txt [ /adfarm1.adition.com ]
C:\USERS\FAB\Cookies\QGWPO1R8.txt [ Cookie:fab@adtech.de/ ]



I'm really sorry to bother you with so much.

I think I did everything wrong that one can possibly do wrong...

You see, I used TDSS Killer and deleted the red items. Was that very bad? XD ^^

It would be nice if someone could help me.

Edited by cosinus (24.06.2012 at 18:32) Reason: image changed to link

Alt 24.06.2012, 18:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
A few days ago I stupidly downloaded and ran an exe file... A lot must have been hidden in it.
Can you be more specific? File name, point, purpose and source of this exe file?

Please post the Malwarebytes logs as text! Such a huge image of Malwarebytes is pointless; you posted the other logs normally, after all!
I'll turn the huge image into just a normal link.

Alt 25.06.2012, 16:23   #3
danke
 



Yes, the file was an exe file that was supposed to emulate an Xbox 360 controller (I only have a Speedlink). The file was called x360ce, but that is irrelevant, since it was not the program I wanted; instead it vanished into thin air after the double-click ...
I searched for the file on Google, then clicked a link in Google, and the download started right away.

Yes, the malware logs all show 0 detections ... strange

Alt 25.06.2012, 19:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You should post all the Malwarebytes logs as text
__________________
Please always post log files in CODE tags

Alt 27.06.2012, 13:21   #5
danke
 



OK, sorry, here they all are, ordered from oldest to newest.

And I've just noticed that opera_plugin_wrapper.exe*32 is open very often in the Task Manager; that wasn't the case before. The process is open more than 30 times.


MBAM LOGS:

nr 1

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6822

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.06.2011 04:07:42
mbam-log-2011-06-10 (04-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 299117
Laufzeit: 1 Stunde(n), 13 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> 852 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray2 (Backdoor.Agent) -> Value: tray2 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\agBot.exe (Trojan.Scar) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\nuconnector9.26.exe (Trojan.Scar) -> Quarantined and deleted successfully.




nr 2


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 18:38:39
mbam-log-2011-12-07 (18-38-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20851
Laufzeit: 18 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fab\AppData\Local\Temp\0.4891385984227795.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.6793807639939748.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\0.840330846978053.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Local\Temp\dwme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


nr 3



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8209

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:00:30
mbam-log-2011-12-07 (21-00-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 337375
Laufzeit: 1 Stunde(n), 59 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XbbbF4m5QJ6dE8R8234A (Trojan.FakeAlert.CLGen) -> Value: XbbbF4m5QJ6dE8R8234A -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



nr 4



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8329

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.12.2011 21:23:50
mbam-log-2011-12-07 (21-23-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 20637
Laufzeit: 15 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012 (Rogue.CloudAV2012) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Fab\AppData\Roaming\ahst.lni (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012\cloud av 2012.lnk (Rogue.CloudAV2012) -> Quarantined and deleted successfully.



nr 5


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

20.01.2012 17:50:53
mbam-log-2012-01-20 (17-50-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345500
Laufzeit: 1 Stunde(n), 27 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray3 (Trojan.Agent) -> Daten: C:\Windows\system32\RecvMessage.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\RecvMessage.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)



nr 6

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

Schutz: Aktiviert

27.02.2012 22:05:23
mbam-log-2012-02-27 (22-05-23).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Fab\Downloads\kool_savas__kool_savas__aura__2011_itunes__deluxe_edition___bonus.exe (PUP.BundleInstaller.MG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 7


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

19.06.2012 02:13:19
mbam-log-2012-06-19 (02-13-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433060
Laufzeit: 1 Stunde(n), 25 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\19.06.2012_01.56.59\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



nr 8 is all clean

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]

22.06.2012 08:47:07
mbam-log-2012-06-22 (08-47-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426910
Laufzeit: 3 Stunde(n), 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Edited by danke (27.06.2012 at 13:27)

Alt 28.06.2012, 09:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run ESET as well; after that we'll see what's next.

Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Note: If you are running a 64-bit Windows, the path is as follows:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Now post the contents of log.txt.

Alt 28.06.2012, 21:56   #7
danke
 



Oh, looks like something came in through Java



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54bc3c8726ca0140bfc455ac965c2838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 05:03:37
# local_time=2012-06-28 07:03:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 38945570 92522711 0 0
# compatibility_mode=8192 67108863 100 0 753176 753176 0 0
# scanned=227176
# found=3
# cleaned=0
# scan_time=10157
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63353b17-556bb6e2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\510abf60-34023288 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\fd299c9-7fe2b229 multiple threats (unable to clean) 00000000000000000000000000000000 I
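
The ESET log in the post above can be triaged mechanically. As an added example (not part of the original post and not an ESET tool), this Python parser reads the `# key=value` header and the detection lines, checks that the declared `found` count matches the parsed records, and counts detections that sit in the Java deployment cache. The record layout is an assumption inferred from the three detection lines in the post; the function names are hypothetical.

```python
import re

# Copied from the ESET Online Scanner log in the post above (some header lines omitted).
SAMPLE_LOG = r"""
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# scanned=227176
# found=3
# cleaned=0
# scan_time=10157
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63353b17-556bb6e2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\510abf60-34023288 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\fd299c9-7fe2b229 multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=\s]+)=(?P<value>.*)$")

# Assumed record layout, inferred from the detection lines in the post:
#   <path> <threat description> (<action>) <32 hex digits> <flag>
# The threat description is assumed to be "multiple threats" or
# "<name> <category>". The path may contain spaces, so it is matched lazily
# and the rest of the line is anchored to the end.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|\S+\s+\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)

# Per-user cache of the Java browser plug-in, as seen in the logged paths.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def parse_eset_log(text):
    """Split a log into header fields, detection records and unparsed lines."""
    headers, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Repeated keys (e.g. compatibility_mode) keep every value.
            headers.setdefault(m["key"], []).append(m["value"].strip())
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
        else:
            # Installer preamble or a record in a layout we do not know:
            # keep it visible instead of silently dropping it.
            unparsed.append(line)
    return headers, detections, unparsed


def triage(headers, detections):
    """Summarise what a helper would check first in such a log."""

    def as_int(key):
        try:
            return int(headers.get(key)[-1])
        except (TypeError, ValueError, IndexError):
            return None  # key missing or not numeric

    declared = as_int("found")
    return {
        "declared_found": declared,
        "parsed_found": len(detections),
        # A mismatch means the paste is truncated or a line did not parse.
        "count_matches": declared == len(detections),
        "declared_cleaned": as_int("cleaned"),
        # Records the scanner reported but left on disk.
        "uncleaned": sum(
            "unable to clean" in d["action"].lower() for d in detections
        ),
        "java_cache_hits": sum(
            JAVA_CACHE_MARKER in d["path"].lower() for d in detections
        ),
    }


if __name__ == "__main__":
    hdr, dets, rest = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, dets).items():
        print(f"{key}: {value}")
    print("unparsed lines:", rest)
```
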

29.06.2012, 12:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the result then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

29.06.2012, 14:01   #9
danke
 



OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 14:34:53 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,98% Memory free
11,90 Gb Paging File | 9,95 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 21,73 Gb Free Space | 9,33% Space Free | Partition Type: NTFS
 
Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01  [binary data]
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:   File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
 
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.06.26 16:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.06.26 16:23:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: 39480465.sys - Driver
SafeBootMin:64bit: 95626647.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: 39480465.sys - Driver
SafeBootMin: 95626647.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 39480465.sys - Driver
SafeBootNet:64bit: 95626647.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: 39480465.sys - Driver
SafeBootNet: 95626647.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 14:20:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2012.06.28 06:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drakensang Online
[2012.06.21 12:57:16 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.21 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.21 00:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.20 04:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.20 04:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.20 03:19:37 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.06.20 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.06.20 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2012.06.20 03:05:03 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.20 03:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.20 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\osam
[2012.06.20 01:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.20 01:39:33 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:12:07 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.19 23:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.19 23:11:12 | 017,937,032 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.19 22:43:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 14:41:31 | 000,027,268 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:41:31 | 000,006,355 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:41:31 | 000,005,224 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.29 14:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 14:30:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 14:20:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,001,972 | ---- | M] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:31:36 | 001,648,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 08:31:36 | 000,709,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 08:31:36 | 000,663,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 08:31:36 | 000,153,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 08:31:36 | 000,126,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 08:30:28 | 000,094,909 | ---- | M] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:30 | 000,834,855 | ---- | M] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 12:57:42 | 002,109,806 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.21 00:45:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.21 00:45:43 | 001,669,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.21 00:30:46 | 000,294,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.20 10:44:20 | 005,745,269 | ---- | M] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | M] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:53 | 001,294,411 | ---- | M] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | M] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | M] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:29 | 000,112,660 | ---- | M] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 01:39:34 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:11:40 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 23:11:22 | 017,937,032 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 22:43:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.29 14:31:24 | 000,027,266 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:31:24 | 000,006,355 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:31:24 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.26 16:10:41 | 000,001,972 | ---- | C] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:30:28 | 000,094,909 | ---- | C] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:45 | 000,834,855 | ---- | C] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 00:45:47 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.20 10:44:20 | 005,745,269 | ---- | C] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | C] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:13 | 001,294,411 | ---- | C] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:12:57 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | C] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | C] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:20 | 000,112,660 | ---- | C] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.19 23:11:40 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 06:19:42 | 002,109,806 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.07 09:20:12 | 000,078,083 | ---- | C] () -- C:\Users\Fab\gw profi makro g 13.xml
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.27 22:17:18 | 000,015,119 | ---- | C] () -- C:\Users\Fab\steiger hdm.jpg
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,669,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 03:56:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Adobe
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.04.29 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Apple Computer
[2011.03.29 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ATI
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.04.14 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DivX
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2011.10.19 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\FastStone
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.03.29 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Identities
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2011.03.29 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Macromedia
[2011.06.09 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Media Center Programs
[2012.04.27 12:41:46 | 000,000,000 | --SD | M] -- C:\Users\Fab\AppData\Roaming\Microsoft
[2012.04.12 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Mozilla
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2012.06.19 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.24 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\teamspeak2
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Ventrilo
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2011.12.29 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.02.29 03:55:51 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.29 03:55:46 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.09.02 20:25:21 | 000,008,854 | R--- | M] () -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\fdBthk.dll
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
<           >

< End of report >
         
--- --- ---
[/code]

Alt 29.06.2012, 14:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
-- C:\TDSSKiller_Quarantine
The TDSS-Killer logs have to be posted as well.
Please don't just wildly try out every tool, and above all not without consulting us first; you are only making things worse that way!
__________________
Please always post log files in CODE tags

Alt 29.06.2012, 15:32   #11
danke
 

How do I find the logs? And as of recently, when I search from Google I get redirected back to Google.

Alt 29.06.2012, 23:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

See, that kind of thing is counterproductive. You play around with tools without instructions, without knowing what you are doing or where the logs are saved. That is why I really don't like it when special tools like these have already been run, because I have a very specific, defined set of instructions for them! Of course I had not mentioned that beforehand; I am just posting it now as a warning and a pointer for you and anyone else reading along.

OK, let's carry on: the TDSS-Killer logs are directly on C:
Please post all of them.
__________________
Please always post log files in CODE tags

Alt 30.06.2012, 04:54   #13
danke
 

Hello, I apologize for the tinkering, but after I registered here I did not tinker any more.

I have added the logs as an attachment, since otherwise it would be far too many characters. Sorry.

Alt 01.07.2012, 15:19   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Very hard to follow; on top of that, you unfortunately went ahead and fixed things there pretty much without rhyme or reason.

Please create a new log with the TDSS-Killer (in normal Windows mode) and post it; please download the tool again so that you are really using a current version.
Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

Alt 01.07.2012, 18:38   #15
danke
 

Code:
 19:35:33.0408 2972	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
19:35:33.0447 2972	============================================================
19:35:33.0447 2972	Current date / time: 2012/07/01 19:35:33.0447
19:35:33.0447 2972	SystemInfo:
19:35:33.0447 2972	
19:35:33.0447 2972	OS Version: 6.1.7601 ServicePack: 1.0
19:35:33.0447 2972	Product type: Workstation
19:35:33.0447 2972	ComputerName: FAB
19:35:33.0447 2972	UserName: Fab
19:35:33.0447 2972	Windows directory: C:\Windows
19:35:33.0447 2972	System windows directory: C:\Windows
19:35:33.0447 2972	Running under WOW64
19:35:33.0447 2972	Processor architecture: Intel x64
19:35:33.0447 2972	Number of processors: 2
19:35:33.0447 2972	Page size: 0x1000
19:35:33.0447 2972	Boot type: Normal boot
19:35:33.0447 2972	============================================================
19:35:34.0345 2972	Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:35:34.0353 2972	Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0361 2972	Drive \Device\Harddisk2\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:34.0370 2972	============================================================
19:35:34.0370 2972	\Device\Harddisk0\DR0:
19:35:34.0378 2972	MBR partitions:
19:35:34.0378 2972	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:35:34.0378 2972	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
19:35:34.0378 2972	\Device\Harddisk1\DR1:
19:35:34.0379 2972	MBR partitions:
19:35:34.0379 2972	\Device\Harddisk2\DR2:
19:35:34.0380 2972	MBR partitions:
19:35:34.0380 2972	============================================================
19:35:34.0412 2972	C: <-> \Device\Harddisk0\DR0\Partition1
19:35:34.0420 2972	B: <-> \Device\Harddisk0\DR0\Partition0
19:35:34.0420 2972	============================================================
19:35:34.0420 2972	Initialize success
19:35:34.0420 2972	============================================================
19:35:49.0271 1588	============================================================
19:35:49.0271 1588	Scan started
19:35:49.0271 1588	Mode: Manual; SigCheck; TDLFS; 
19:35:49.0271 1588	============================================================
19:35:49.0579 1588	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:35:49.0707 1588	!SASCORE - ok
19:35:50.0129 1588	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:35:50.0177 1588	1394ohci - ok
19:35:50.0229 1588	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:35:50.0250 1588	ACPI - ok
19:35:50.0270 1588	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:35:50.0326 1588	AcpiPmi - ok
19:35:50.0445 1588	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:50.0461 1588	AdobeARMservice - ok
19:35:50.0512 1588	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:50.0540 1588	adp94xx - ok
19:35:50.0580 1588	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:35:50.0602 1588	adpahci - ok
19:35:50.0619 1588	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:35:50.0634 1588	adpu320 - ok
19:35:50.0675 1588	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:35:50.0772 1588	AeLookupSvc - ok
19:35:50.0840 1588	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:35:50.0906 1588	AFD - ok
19:35:50.0966 1588	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:35:50.0978 1588	agp440 - ok
19:35:51.0001 1588	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:35:51.0060 1588	ALG - ok
19:35:51.0084 1588	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:35:51.0095 1588	aliide - ok
19:35:51.0149 1588	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:35:51.0288 1588	AMD External Events Utility - ok
19:35:51.0383 1588	AMD FUEL Service - ok
19:35:51.0432 1588	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:35:51.0443 1588	amdide - ok
19:35:51.0472 1588	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:35:51.0924 1588	amdiox64 - ok
19:35:52.0192 1588	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:52.0210 1588	AmdK8 - ok
19:35:52.0584 1588	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:52.0877 1588	amdkmdag - ok
19:35:53.0007 1588	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:35:53.0039 1588	amdkmdap - ok
19:35:53.0055 1588	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:35:53.0070 1588	AmdPPM - ok
19:35:53.0129 1588	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:35:53.0156 1588	amdsata - ok
19:35:53.0185 1588	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:53.0210 1588	amdsbs - ok
19:35:53.0251 1588	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:35:53.0261 1588	amdxata - ok
19:35:53.0373 1588	AODDriver4.0    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:35:53.0388 1588	AODDriver4.0 - ok
19:35:53.0447 1588	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:35:53.0713 1588	AppID - ok
19:35:53.0731 1588	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:35:53.0767 1588	AppIDSvc - ok
19:35:53.0827 1588	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:35:53.0861 1588	Appinfo - ok
19:35:53.0976 1588	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:53.0993 1588	Apple Mobile Device - ok
19:35:54.0030 1588	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:35:54.0090 1588	AppMgmt - ok
19:35:54.0125 1588	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:35:54.0142 1588	arc - ok
19:35:54.0159 1588	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:35:54.0176 1588	arcsas - ok
19:35:54.0313 1588	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:35:54.0351 1588	aspnet_state - ok
19:35:54.0376 1588	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:54.0410 1588	AsyncMac - ok
19:35:54.0454 1588	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:35:54.0464 1588	atapi - ok
19:35:55.0075 1588	atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:55.0200 1588	atikmdag - ok
19:35:55.0336 1588	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0385 1588	AudioEndpointBuilder - ok
19:35:55.0391 1588	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:35:55.0426 1588	AudioSrv - ok
19:35:55.0483 1588	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:35:55.0570 1588	AxInstSV - ok
19:35:55.0644 1588	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:55.0690 1588	b06bdrv - ok
19:35:55.0726 1588	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:55.0750 1588	b57nd60a - ok
19:35:55.0807 1588	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:35:55.0837 1588	BDESVC - ok
19:35:55.0880 1588	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:35:55.0926 1588	Beep - ok
19:35:56.0010 1588	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:35:56.0054 1588	BFE - ok
19:35:56.0123 1588	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:35:56.0218 1588	BITS - ok
19:35:56.0267 1588	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:56.0305 1588	blbdrive - ok
19:35:56.0415 1588	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:35:56.0438 1588	Bonjour Service - ok
19:35:56.0495 1588	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:35:56.0531 1588	bowser - ok
19:35:56.0551 1588	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:56.0568 1588	BrFiltLo - ok
19:35:56.0592 1588	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:56.0605 1588	BrFiltUp - ok
19:35:56.0655 1588	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:35:56.0723 1588	Browser - ok
19:35:56.0771 1588	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:35:56.0806 1588	Brserid - ok
19:35:56.0818 1588	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:56.0863 1588	BrSerWdm - ok
19:35:56.0886 1588	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:56.0901 1588	BrUsbMdm - ok
19:35:56.0914 1588	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:56.0946 1588	BrUsbSer - ok
19:35:57.0009 1588	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:35:57.0071 1588	BthEnum - ok
19:35:57.0088 1588	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:57.0118 1588	BTHMODEM - ok
19:35:57.0157 1588	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:35:57.0194 1588	BthPan - ok
19:35:57.0236 1588	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:35:57.0282 1588	BTHPORT - ok
19:35:57.0316 1588	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:35:57.0368 1588	bthserv - ok
19:35:57.0388 1588	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:35:57.0419 1588	BTHUSB - ok
19:35:57.0456 1588	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:57.0496 1588	cdfs - ok
19:35:57.0550 1588	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:57.0577 1588	cdrom - ok
19:35:57.0630 1588	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:35:57.0687 1588	CertPropSvc - ok
19:35:57.0726 1588	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:35:57.0750 1588	circlass - ok
19:35:57.0776 1588	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:35:57.0798 1588	CLFS - ok
19:35:57.0859 1588	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:57.0869 1588	clr_optimization_v2.0.50727_32 - ok
19:35:57.0912 1588	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:57.0932 1588	clr_optimization_v2.0.50727_64 - ok
19:35:58.0026 1588	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:58.0080 1588	clr_optimization_v4.0.30319_32 - ok
19:35:58.0148 1588	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:58.0178 1588	clr_optimization_v4.0.30319_64 - ok
19:35:58.0202 1588	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:58.0219 1588	CmBatt - ok
19:35:58.0256 1588	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:35:58.0268 1588	cmdide - ok
19:35:58.0322 1588	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:35:58.0356 1588	CNG - ok
19:35:58.0384 1588	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:35:58.0396 1588	Compbatt - ok
19:35:58.0441 1588	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:35:58.0460 1588	CompositeBus - ok
19:35:58.0474 1588	COMSysApp - ok
19:35:58.0497 1588	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:58.0508 1588	crcdisk - ok
19:35:58.0568 1588	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:35:58.0609 1588	CryptSvc - ok
19:35:58.0665 1588	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:35:58.0741 1588	CSC - ok
19:35:58.0775 1588	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:35:58.0806 1588	CscService - ok
19:35:58.0865 1588	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:35:58.0913 1588	DcomLaunch - ok
19:35:58.0939 1588	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:35:58.0981 1588	defragsvc - ok
19:35:59.0041 1588	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:35:59.0078 1588	DfsC - ok
19:35:59.0137 1588	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:35:59.0179 1588	Dhcp - ok
19:35:59.0200 1588	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:35:59.0239 1588	discache - ok
19:35:59.0272 1588	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:35:59.0283 1588	Disk - ok
19:35:59.0323 1588	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:35:59.0355 1588	Dnscache - ok
19:35:59.0404 1588	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:35:59.0448 1588	dot3svc - ok
19:35:59.0495 1588	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:35:59.0549 1588	DPS - ok
19:35:59.0583 1588	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:35:59.0618 1588	drmkaud - ok
19:35:59.0670 1588	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:59.0690 1588	dtsoftbus01 - ok
19:35:59.0760 1588	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:59.0796 1588	DXGKrnl - ok
19:35:59.0894 1588	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:35:59.0919 1588	E1G60 - ok
19:36:00.0056 1588	EagleX64 - ok
19:36:00.0078 1588	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:36:00.0117 1588	EapHost - ok
19:36:00.0271 1588	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:36:00.0371 1588	ebdrv - ok
19:36:00.0514 1588	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:36:00.0576 1588	EFS - ok
19:36:00.0666 1588	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:36:00.0730 1588	ehRecvr - ok
19:36:00.0762 1588	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:36:00.0781 1588	ehSched - ok
19:36:00.0869 1588	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:36:00.0895 1588	elxstor - ok
19:36:00.0934 1588	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:36:00.0947 1588	ErrDev - ok
19:36:01.0036 1588	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
19:36:01.0056 1588	etdrv - ok
19:36:01.0091 1588	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:36:01.0151 1588	EventSystem - ok
19:36:01.0195 1588	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:36:01.0232 1588	exfat - ok
19:36:01.0251 1588	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:36:01.0293 1588	fastfat - ok
19:36:01.0370 1588	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:36:01.0433 1588	Fax - ok
19:36:01.0444 1588	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:36:01.0459 1588	fdc - ok
19:36:01.0490 1588	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:36:01.0526 1588	fdPHost - ok
19:36:01.0538 1588	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:36:01.0572 1588	FDResPub - ok
19:36:01.0598 1588	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:36:01.0611 1588	FileInfo - ok
19:36:01.0625 1588	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:36:01.0657 1588	Filetrace - ok
19:36:01.0666 1588	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:01.0677 1588	flpydisk - ok
19:36:01.0731 1588	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:36:01.0755 1588	FltMgr - ok
19:36:01.0809 1588	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:36:01.0852 1588	FontCache - ok
19:36:01.0943 1588	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:36:01.0957 1588	FontCache3.0.0.0 - ok
19:36:02.0001 1588	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:36:02.0012 1588	FsDepends - ok
19:36:02.0037 1588	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:36:02.0047 1588	Fs_Rec - ok
19:36:02.0098 1588	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:36:02.0123 1588	fvevol - ok
19:36:02.0148 1588	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:02.0158 1588	gagp30kx - ok
19:36:02.0210 1588	gdrv            (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
19:36:02.0229 1588	gdrv - ok
19:36:02.0268 1588	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:36:02.0278 1588	GEARAspiWDM - ok
19:36:02.0342 1588	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:36:02.0395 1588	gpsvc - ok
19:36:02.0448 1588	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
19:36:02.0469 1588	GVTDrv64 - ok
19:36:02.0490 1588	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:36:02.0520 1588	hcw85cir - ok
19:36:02.0579 1588	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:36:02.0603 1588	HdAudAddService - ok
19:36:02.0642 1588	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:36:02.0662 1588	HDAudBus - ok
19:36:02.0681 1588	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:02.0695 1588	HidBatt - ok
19:36:02.0747 1588	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:36:02.0769 1588	HidBth - ok
19:36:02.0785 1588	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:36:02.0800 1588	HidIr - ok
19:36:02.0823 1588	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:36:02.0857 1588	hidserv - ok
19:36:02.0909 1588	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:36:02.0921 1588	HidUsb - ok
19:36:02.0964 1588	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:36:03.0000 1588	hkmsvc - ok
19:36:03.0045 1588	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:36:03.0082 1588	HomeGroupListener - ok
19:36:03.0131 1588	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:36:03.0154 1588	HomeGroupProvider - ok
19:36:03.0203 1588	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:36:03.0213 1588	HpSAMD - ok
19:36:03.0294 1588	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:36:03.0344 1588	HTTP - ok
19:36:03.0381 1588	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:36:03.0392 1588	hwpolicy - ok
19:36:03.0436 1588	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:36:03.0452 1588	i8042prt - ok
19:36:03.0512 1588	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:36:03.0535 1588	iaStorV - ok
19:36:03.0622 1588	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:03.0631 1588	IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:36:03.0631 1588	IDriverT - detected UnsignedFile.Multi.Generic (1)
19:36:03.0741 1588	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:36:03.0780 1588	idsvc - ok
19:36:03.0862 1588	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:36:03.0872 1588	iirsp - ok
19:36:03.0936 1588	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:36:03.0990 1588	IKEEXT - ok
19:36:04.0066 1588	IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
19:36:04.0120 1588	IntcAzAudAddService - ok
19:36:04.0235 1588	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:36:04.0245 1588	intelide - ok
19:36:04.0273 1588	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:36:04.0301 1588	intelppm - ok
19:36:04.0331 1588	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:36:04.0384 1588	IPBusEnum - ok
19:36:04.0418 1588	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:04.0472 1588	IpFilterDriver - ok
19:36:04.0517 1588	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:36:04.0563 1588	iphlpsvc - ok
19:36:04.0603 1588	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:36:04.0635 1588	IPMIDRV - ok
19:36:04.0672 1588	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:36:04.0707 1588	IPNAT - ok
19:36:04.0783 1588	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:36:04.0815 1588	iPod Service - ok
19:36:04.0847 1588	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:36:04.0883 1588	IRENUM - ok
19:36:04.0915 1588	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:36:04.0925 1588	isapnp - ok
19:36:04.0972 1588	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:36:05.0001 1588	iScsiPrt - ok
19:36:05.0165 1588	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:36:05.0178 1588	kbdclass - ok
19:36:05.0189 1588	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:36:05.0225 1588	kbdhid - ok
19:36:05.0263 1588	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:05.0273 1588	KeyIso - ok
19:36:05.0290 1588	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:36:05.0308 1588	KSecDD - ok
19:36:05.0323 1588	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:36:05.0338 1588	KSecPkg - ok
19:36:05.0368 1588	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:36:05.0404 1588	ksthunk - ok
19:36:05.0439 1588	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:36:05.0500 1588	KtmRm - ok
19:36:05.0566 1588	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:36:05.0607 1588	LanmanServer - ok
19:36:05.0651 1588	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:36:05.0689 1588	LanmanWorkstation - ok
19:36:05.0752 1588	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
19:36:05.0762 1588	LGBusEnum - ok
19:36:05.0785 1588	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
19:36:05.0796 1588	LGVirHid - ok
19:36:05.0826 1588	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:36:05.0859 1588	lltdio - ok
19:36:05.0895 1588	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:36:05.0940 1588	lltdsvc - ok
19:36:05.0958 1588	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:36:05.0989 1588	lmhosts - ok
19:36:06.0021 1588	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:36:06.0036 1588	LSI_FC - ok
19:36:06.0054 1588	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:36:06.0069 1588	LSI_SAS - ok
19:36:06.0083 1588	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:36:06.0095 1588	LSI_SAS2 - ok
19:36:06.0111 1588	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:36:06.0127 1588	LSI_SCSI - ok
19:36:06.0150 1588	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:36:06.0188 1588	luafv - ok
19:36:06.0294 1588	McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
19:36:06.0317 1588	McComponentHostService - ok
19:36:06.0359 1588	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:36:06.0395 1588	Mcx2Svc - ok
19:36:06.0428 1588	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:36:06.0438 1588	megasas - ok
19:36:06.0467 1588	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:36:06.0488 1588	MegaSR - ok
19:36:06.0539 1588	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:06.0588 1588	MMCSS - ok
19:36:06.0610 1588	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:36:06.0660 1588	Modem - ok
19:36:06.0687 1588	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:36:06.0701 1588	monitor - ok
19:36:06.0757 1588	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:36:06.0768 1588	mouclass - ok
19:36:06.0786 1588	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:36:06.0800 1588	mouhid - ok
19:36:06.0842 1588	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:36:06.0858 1588	mountmgr - ok
19:36:06.0912 1588	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:36:06.0929 1588	MpFilter - ok
19:36:06.0973 1588	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:36:06.0987 1588	mpio - ok
19:36:07.0017 1588	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:36:07.0046 1588	mpsdrv - ok
19:36:07.0111 1588	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:36:07.0162 1588	MpsSvc - ok
19:36:07.0200 1588	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:36:07.0242 1588	MRxDAV - ok
19:36:07.0280 1588	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:36:07.0307 1588	mrxsmb - ok
19:36:07.0363 1588	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:36:07.0384 1588	mrxsmb10 - ok
19:36:07.0398 1588	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:36:07.0416 1588	mrxsmb20 - ok
19:36:07.0458 1588	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:36:07.0469 1588	msahci - ok
19:36:07.0510 1588	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:36:07.0527 1588	msdsm - ok
19:36:07.0549 1588	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:36:07.0590 1588	MSDTC - ok
19:36:07.0630 1588	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:36:07.0659 1588	Msfs - ok
19:36:07.0669 1588	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:36:07.0701 1588	mshidkmdf - ok
19:36:07.0734 1588	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:36:07.0744 1588	msisadrv - ok
19:36:07.0778 1588	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:36:07.0815 1588	MSiSCSI - ok
19:36:07.0819 1588	msiserver - ok
19:36:07.0855 1588	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:36:07.0887 1588	MSKSSRV - ok
19:36:07.0986 1588	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:36:07.0998 1588	MsMpSvc - ok
19:36:08.0026 1588	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:36:08.0078 1588	MSPCLOCK - ok
19:36:08.0104 1588	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:36:08.0135 1588	MSPQM - ok
19:36:08.0186 1588	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:36:08.0212 1588	MsRPC - ok
19:36:08.0254 1588	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:36:08.0263 1588	mssmbios - ok
19:36:08.0286 1588	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:36:08.0335 1588	MSTEE - ok
19:36:08.0361 1588	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:36:08.0375 1588	MTConfig - ok
19:36:08.0399 1588	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:36:08.0409 1588	Mup - ok
19:36:08.0476 1588	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:36:08.0522 1588	napagent - ok
19:36:08.0570 1588	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:36:08.0596 1588	NativeWifiP - ok
19:36:08.0660 1588	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:36:08.0699 1588	NDIS - ok
19:36:08.0728 1588	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:36:08.0760 1588	NdisCap - ok
19:36:08.0819 1588	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:36:08.0850 1588	NdisTapi - ok
19:36:08.0912 1588	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:36:08.0945 1588	Ndisuio - ok
19:36:08.0996 1588	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:36:09.0040 1588	NdisWan - ok
19:36:09.0082 1588	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:36:09.0113 1588	NDProxy - ok
19:36:09.0135 1588	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:36:09.0166 1588	NetBIOS - ok
19:36:09.0212 1588	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:36:09.0255 1588	NetBT - ok
19:36:09.0295 1588	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:09.0305 1588	Netlogon - ok
19:36:09.0346 1588	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:36:09.0389 1588	Netman - ok
19:36:09.0517 1588	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0531 1588	NetMsmqActivator - ok
19:36:09.0536 1588	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0545 1588	NetPipeActivator - ok
19:36:09.0582 1588	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:36:09.0630 1588	netprofm - ok
19:36:09.0635 1588	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0643 1588	NetTcpActivator - ok
19:36:09.0647 1588	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:36:09.0656 1588	NetTcpPortSharing - ok
19:36:09.0701 1588	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:36:09.0711 1588	nfrd960 - ok
19:36:09.0744 1588	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:36:09.0759 1588	NisDrv - ok
19:36:09.0864 1588	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:36:09.0888 1588	NisSrv - ok
19:36:09.0987 1588	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:36:10.0034 1588	NlaSvc - ok
19:36:10.0064 1588	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:36:10.0093 1588	Npfs - ok
19:36:10.0112 1588	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:36:10.0145 1588	nsi - ok
19:36:10.0155 1588	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:36:10.0187 1588	nsiproxy - ok
19:36:10.0276 1588	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:36:10.0339 1588	Ntfs - ok
19:36:10.0446 1588	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:36:10.0478 1588	Null - ok
19:36:10.0549 1588	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:36:10.0564 1588	nvraid - ok
19:36:10.0593 1588	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:36:10.0607 1588	nvstor - ok
19:36:10.0669 1588	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:36:10.0684 1588	nv_agp - ok
19:36:10.0696 1588	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:36:10.0741 1588	ohci1394 - ok
19:36:10.0795 1588	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:10.0828 1588	p2pimsvc - ok
19:36:10.0852 1588	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:36:10.0881 1588	p2psvc - ok
19:36:10.0902 1588	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:36:10.0918 1588	Parport - ok
19:36:10.0956 1588	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:36:10.0967 1588	partmgr - ok
19:36:10.0997 1588	pavboot         (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
19:36:11.0010 1588	pavboot - ok
19:36:11.0036 1588	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:36:11.0085 1588	PcaSvc - ok
19:36:11.0123 1588	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:36:11.0137 1588	pci - ok
19:36:11.0150 1588	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:36:11.0160 1588	pciide - ok
19:36:11.0185 1588	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:36:11.0208 1588	pcmcia - ok
19:36:11.0224 1588	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:36:11.0236 1588	pcw - ok
19:36:11.0266 1588	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:36:11.0316 1588	PEAUTH - ok
19:36:11.0382 1588	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:36:11.0463 1588	PeerDistSvc - ok
19:36:11.0530 1588	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:36:11.0545 1588	PerfHost - ok
19:36:11.0669 1588	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:36:11.0733 1588	pla - ok
19:36:11.0800 1588	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:36:11.0830 1588	PlugPlay - ok
19:36:11.0872 1588	PnkBstrA - ok
19:36:11.0894 1588	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:36:11.0905 1588	PNRPAutoReg - ok
19:36:11.0925 1588	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:36:11.0938 1588	PNRPsvc - ok
19:36:11.0988 1588	Point64         (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
19:36:11.0997 1588	Point64 - ok
19:36:12.0048 1588	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:36:12.0097 1588	PolicyAgent - ok
19:36:12.0128 1588	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:36:12.0174 1588	Power - ok
19:36:12.0228 1588	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:36:12.0287 1588	PptpMiniport - ok
19:36:12.0315 1588	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:36:12.0350 1588	Processor - ok
19:36:12.0409 1588	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:36:12.0484 1588	ProfSvc - ok
19:36:12.0527 1588	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:12.0537 1588	ProtectedStorage - ok
19:36:12.0590 1588	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:36:12.0627 1588	Psched - ok
19:36:12.0704 1588	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:36:12.0757 1588	ql2300 - ok
19:36:12.0847 1588	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:36:12.0863 1588	ql40xx - ok
19:36:12.0893 1588	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:36:12.0940 1588	QWAVE - ok
19:36:12.0963 1588	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:36:13.0026 1588	QWAVEdrv - ok
19:36:13.0048 1588	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:36:13.0077 1588	RasAcd - ok
19:36:13.0107 1588	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:36:13.0137 1588	RasAgileVpn - ok
19:36:13.0157 1588	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:36:13.0212 1588	RasAuto - ok
19:36:13.0255 1588	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:36:13.0309 1588	Rasl2tp - ok
19:36:13.0340 1588	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:36:13.0384 1588	RasMan - ok
19:36:13.0414 1588	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:36:13.0452 1588	RasPppoe - ok
19:36:13.0468 1588	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:36:13.0504 1588	RasSstp - ok
19:36:13.0555 1588	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:36:13.0599 1588	rdbss - ok
19:36:13.0612 1588	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:13.0629 1588	rdpbus - ok
19:36:13.0639 1588	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:13.0692 1588	RDPCDD - ok
19:36:13.0732 1588	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:36:13.0766 1588	RDPDR - ok
19:36:13.0797 1588	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:36:13.0831 1588	RDPENCDD - ok
19:36:13.0839 1588	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:36:13.0869 1588	RDPREFMP - ok
19:36:13.0921 1588	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
19:36:13.0947 1588	RdpVideoMiniport - ok
19:36:13.0971 1588	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:36:13.0996 1588	RDPWD - ok
19:36:14.0051 1588	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:36:14.0066 1588	rdyboost - ok
19:36:14.0097 1588	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:36:14.0135 1588	RemoteAccess - ok
19:36:14.0159 1588	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:36:14.0194 1588	RemoteRegistry - ok
19:36:14.0226 1588	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:36:14.0255 1588	RFCOMM - ok
19:36:14.0281 1588	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:36:14.0319 1588	RpcEptMapper - ok
19:36:14.0341 1588	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:36:14.0356 1588	RpcLocator - ok
19:36:14.0408 1588	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:36:14.0444 1588	RpcSs - ok
19:36:14.0467 1588	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:36:14.0498 1588	rspndr - ok
19:36:14.0537 1588	RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
19:36:14.0558 1588	RTHDMIAzAudService - ok
19:36:14.0602 1588	RTL8167         (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:36:14.0658 1588	RTL8167 - ok
19:36:14.0700 1588	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:36:14.0727 1588	s3cap - ok
19:36:14.0767 1588	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:14.0778 1588	SamSs - ok
19:36:14.0983 1588	SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:36:15.0034 1588	SASDIFSV - ok
19:36:15.0091 1588	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:36:15.0099 1588	SASKUTIL - ok
19:36:15.0150 1588	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:36:15.0165 1588	sbp2port - ok
19:36:15.0195 1588	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:36:15.0241 1588	SCardSvr - ok
19:36:15.0276 1588	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:36:15.0309 1588	scfilter - ok
19:36:15.0382 1588	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:36:15.0442 1588	Schedule - ok
19:36:15.0490 1588	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:36:15.0518 1588	SCPolicySvc - ok
19:36:15.0561 1588	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:36:15.0584 1588	SDRSVC - ok
19:36:15.0638 1588	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:36:15.0669 1588	secdrv - ok
19:36:15.0708 1588	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:36:15.0740 1588	seclogon - ok
19:36:15.0762 1588	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:36:15.0800 1588	SENS - ok
19:36:15.0809 1588	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:36:15.0830 1588	SensrSvc - ok
19:36:15.0850 1588	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:36:15.0862 1588	Serenum - ok
19:36:15.0886 1588	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:36:15.0905 1588	Serial - ok
19:36:15.0967 1588	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:36:15.0980 1588	sermouse - ok
19:36:16.0030 1588	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:36:16.0065 1588	SessionEnv - ok
19:36:16.0107 1588	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:36:16.0123 1588	sffdisk - ok
19:36:16.0134 1588	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:16.0165 1588	sffp_mmc - ok
19:36:16.0190 1588	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:36:16.0225 1588	sffp_sd - ok
19:36:16.0255 1588	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:36:16.0266 1588	sfloppy - ok
19:36:16.0298 1588	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:36:16.0342 1588	SharedAccess - ok
19:36:16.0392 1588	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:36:16.0457 1588	ShellHWDetection - ok
19:36:16.0491 1588	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:36:16.0502 1588	SiSRaid2 - ok
19:36:16.0514 1588	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:36:16.0525 1588	SiSRaid4 - ok
19:36:16.0633 1588	sj              (4523268768f70049ea95ffdf8354b4fa) C:\AeriaGames\EdenEternal\sjcs64.sys
19:36:16.0642 1588	sj - ok
19:36:16.0669 1588	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:36:16.0709 1588	Smb - ok
19:36:16.0760 1588	SNMP            (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
19:36:16.0787 1588	SNMP - ok
19:36:16.0811 1588	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:36:16.0827 1588	SNMPTRAP - ok
19:36:16.0835 1588	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:36:16.0845 1588	spldr - ok
19:36:16.0905 1588	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:36:16.0949 1588	Spooler - ok
19:36:17.0088 1588	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:36:17.0212 1588	sppsvc - ok
19:36:17.0294 1588	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:36:17.0331 1588	sppuinotify - ok
19:36:17.0404 1588	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:36:17.0459 1588	srv - ok
19:36:17.0521 1588	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:36:17.0572 1588	srv2 - ok
19:36:17.0609 1588	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:17.0641 1588	srvnet - ok
19:36:17.0686 1588	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:36:17.0732 1588	SSDPSRV - ok
19:36:17.0741 1588	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:36:17.0773 1588	SstpSvc - ok
19:36:17.0854 1588	Steam Client Service - ok
19:36:17.0885 1588	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:36:17.0895 1588	stexstor - ok
19:36:17.0957 1588	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:36:17.0991 1588	stisvc - ok
19:36:18.0028 1588	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:36:18.0039 1588	storflt - ok
19:36:18.0059 1588	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:36:18.0070 1588	storvsc - ok
19:36:18.0110 1588	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:36:18.0122 1588	swenum - ok
19:36:18.0159 1588	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:36:18.0210 1588	swprv - ok
19:36:18.0220 1588	Synth3dVsc - ok
19:36:18.0314 1588	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:36:18.0377 1588	SysMain - ok
19:36:18.0478 1588	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:36:18.0501 1588	TabletInputService - ok
19:36:18.0520 1588	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:36:18.0562 1588	TapiSrv - ok
19:36:18.0587 1588	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:36:18.0623 1588	TBS - ok
19:36:18.0734 1588	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:36:18.0805 1588	Tcpip - ok
19:36:18.0985 1588	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:19.0016 1588	TCPIP6 - ok
19:36:19.0092 1588	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:36:19.0123 1588	tcpipreg - ok
19:36:19.0150 1588	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:36:19.0165 1588	TDPIPE - ok
19:36:19.0208 1588	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:36:19.0220 1588	TDTCP - ok
19:36:19.0278 1588	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:36:19.0312 1588	tdx - ok
19:36:19.0473 1588	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:36:19.0554 1588	TeamViewer7 - ok
19:36:19.0675 1588	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:36:19.0684 1588	teamviewervpn - ok
19:36:19.0729 1588	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:36:19.0741 1588	TermDD - ok
19:36:19.0797 1588	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:36:19.0860 1588	TermService - ok
19:36:19.0892 1588	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:36:19.0913 1588	Themes - ok
19:36:20.0051 1588	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:36:20.0084 1588	THREADORDER - ok
19:36:20.0112 1588	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:36:20.0150 1588	TrkWks - ok
19:36:20.0226 1588	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:36:20.0290 1588	TrustedInstaller - ok
19:36:20.0326 1588	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:20.0357 1588	tssecsrv - ok
19:36:20.0414 1588	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:36:20.0478 1588	TsUsbFlt - ok
19:36:20.0481 1588	tsusbhub - ok
19:36:20.0536 1588	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:36:20.0594 1588	tunnel - ok
19:36:20.0625 1588	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:36:20.0635 1588	uagp35 - ok
19:36:20.0689 1588	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:36:20.0764 1588	udfs - ok
19:36:20.0810 1588	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:36:20.0828 1588	UI0Detect - ok
19:36:20.0885 1588	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:36:20.0896 1588	uliagpkx - ok
19:36:20.0929 1588	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:36:20.0943 1588	umbus - ok
19:36:20.0975 1588	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:36:20.0987 1588	UmPass - ok
19:36:21.0032 1588	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:36:21.0080 1588	UmRdpService - ok
19:36:21.0123 1588	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:36:21.0201 1588	upnphost - ok
19:36:21.0269 1588	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:36:21.0282 1588	USBAAPL64 - ok
19:36:21.0328 1588	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:21.0348 1588	usbccgp - ok
19:36:21.0400 1588	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:36:21.0418 1588	usbcir - ok
19:36:21.0442 1588	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:36:21.0471 1588	usbehci - ok
19:36:21.0518 1588	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:36:21.0541 1588	usbhub - ok
19:36:21.0554 1588	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:36:21.0567 1588	usbohci - ok
19:36:21.0593 1588	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:36:21.0626 1588	usbprint - ok
19:36:21.0663 1588	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
19:36:21.0685 1588	USBSTOR - ok
19:36:21.0695 1588	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:36:21.0709 1588	usbuhci - ok
19:36:21.0826 1588	usj             (659ba43f61fc37609288a5340a8d37d4) C:\AeriaGames\EdenEternal\avital\ussjcs64.sys
19:36:21.0838 1588	usj - ok
19:36:21.0863 1588	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:36:21.0897 1588	UxSms - ok
19:36:21.0940 1588	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:36:21.0950 1588	VaultSvc - ok
19:36:22.0001 1588	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:36:22.0011 1588	vdrvroot - ok
19:36:22.0073 1588	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:36:22.0139 1588	vds - ok
19:36:22.0179 1588	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:22.0192 1588	vga - ok
19:36:22.0209 1588	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:36:22.0240 1588	VgaSave - ok
19:36:22.0243 1588	VGPU - ok
19:36:22.0290 1588	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:36:22.0313 1588	vhdmp - ok
19:36:22.0350 1588	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:36:22.0360 1588	viaide - ok
19:36:22.0378 1588	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:36:22.0401 1588	vmbus - ok
19:36:22.0420 1588	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:36:22.0452 1588	VMBusHID - ok
19:36:22.0482 1588	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:36:22.0493 1588	volmgr - ok
19:36:22.0547 1588	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:36:22.0568 1588	volmgrx - ok
19:36:22.0617 1588	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:36:22.0640 1588	volsnap - ok
19:36:22.0673 1588	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:22.0688 1588	vsmraid - ok
19:36:22.0773 1588	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:36:22.0854 1588	VSS - ok
19:36:22.0941 1588	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:36:22.0971 1588	vwifibus - ok
19:36:23.0017 1588	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:36:23.0056 1588	W32Time - ok
19:36:23.0074 1588	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:36:23.0085 1588	WacomPen - ok
19:36:23.0131 1588	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0166 1588	WANARP - ok
19:36:23.0176 1588	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:23.0203 1588	Wanarpv6 - ok
19:36:23.0292 1588	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:36:23.0349 1588	wbengine - ok
19:36:23.0442 1588	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:36:23.0469 1588	WbioSrvc - ok
19:36:23.0522 1588	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:36:23.0558 1588	wcncsvc - ok
19:36:23.0573 1588	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:36:23.0597 1588	WcsPlugInService - ok
19:36:23.0620 1588	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:36:23.0630 1588	Wd - ok
19:36:23.0665 1588	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:36:23.0694 1588	Wdf01000 - ok
19:36:23.0705 1588	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0806 1588	WdiServiceHost - ok
19:36:23.0809 1588	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:36:23.0826 1588	WdiSystemHost - ok
19:36:23.0872 1588	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:36:23.0916 1588	WebClient - ok
19:36:23.0958 1588	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:36:24.0018 1588	Wecsvc - ok
19:36:24.0045 1588	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:36:24.0080 1588	wercplsupport - ok
19:36:24.0108 1588	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:36:24.0161 1588	WerSvc - ok
19:36:24.0218 1588	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:24.0247 1588	WfpLwf - ok
19:36:24.0263 1588	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:36:24.0273 1588	WIMMount - ok
19:36:24.0300 1588	WinDefend - ok
19:36:24.0313 1588	WinHttpAutoProxySvc - ok
19:36:24.0353 1588	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:36:24.0398 1588	Winmgmt - ok
19:36:24.0495 1588	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:36:24.0577 1588	WinRM - ok
19:36:24.0694 1588	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:24.0860 1588	WinUsb - ok
19:36:25.0072 1588	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:36:25.0117 1588	Wlansvc - ok
19:36:25.0277 1588	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:25.0350 1588	wlidsvc - ok
19:36:25.0471 1588	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:36:25.0484 1588	WmiAcpi - ok
19:36:25.0532 1588	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:36:25.0558 1588	wmiApSrv - ok
19:36:25.0603 1588	WMPNetworkSvc - ok
19:36:25.0629 1588	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:36:25.0645 1588	WPCSvc - ok
19:36:25.0693 1588	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:36:25.0710 1588	WPDBusEnum - ok
19:36:25.0734 1588	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:25.0766 1588	ws2ifsl - ok
19:36:25.0770 1588	WSearch - ok
19:36:25.0861 1588	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:36:25.0976 1588	wuauserv - ok
19:36:26.0100 1588	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:36:26.0136 1588	WudfPf - ok
19:36:26.0171 1588	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:26.0214 1588	WUDFRd - ok
19:36:26.0254 1588	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:36:26.0284 1588	wudfsvc - ok
19:36:26.0305 1588	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:36:26.0337 1588	WwanSvc - ok
19:36:26.0391 1588	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:36:26.0527 1588	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:36:26.0527 1588	\Device\Harddisk0\DR0 - detected TDSS File System (1)
19:36:26.0532 1588	MBR (0x1B8)     (245e3dcf979ac3adbf815ab0a12c59cb) \Device\Harddisk1\DR1
19:37:29.0731 1588	\Device\Harddisk1\DR1 - ok
19:37:29.0740 1588	MBR (0x1B8)     (42b02a2a0140f4274d69783b59fead9f) \Device\Harddisk2\DR2
19:37:36.0587 1588	\Device\Harddisk2\DR2 - ok
19:37:36.0623 1588	Boot (0x1200)   (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0
19:37:36.0624 1588	\Device\Harddisk0\DR0\Partition0 - ok
19:37:36.0632 1588	Boot (0x1200)   (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1
19:37:36.0633 1588	\Device\Harddisk0\DR0\Partition1 - ok
19:37:36.0633 1588	============================================================
19:37:36.0633 1588	Scan finished
19:37:36.0633 1588	============================================================
19:37:36.0648 4264	Detected object count: 2
19:37:36.0648 4264	Actual detected object count: 2
19:37:40.0996 4264	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:40.0996 4264	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:40.0998 4264	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:37:40.0998 4264	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
