Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ukash Bundespolizei Infektion - Logs anbei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.11.2012, 12:26   #1
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Hallo,

seit gestern habe ich besagten Trojaner (Computer gesperrt, 100€ zahlen).
Meine bisherige Recherche hat ergeben, dass ich wohl OTL-Logs posten muss und dann Anweisungen abwarten sollte. Ich danke schon jetzt für jegliche Hilfe!

Im abgesicherten Modus habe ich mit OTL die folgenden Logs erstellt.
Ich verwende Windows 7, Antivir und den neuesten Firefox.

edit: Ich lerne ja gerne neues und versuche halbwegs zu verstehen, was vorliegt und wie die Lösung funktioniert.
Am Log ist mir vor allem das hier aufgefallen (neuste Files):
Zitat:
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
kommt uhrzeitmäßig auch voll mit der Infektion hin (nach der ich den Rechner ausgeschaltet hab).

edit2: Einige Dateibewegungen (Desktop) rühren daher, dass ich für den Log aufräumen wollte (dachte die Desktopdateien werden extra aufgeführt). Ich habe beim Log auch nur 2Gb Speicher drin gehabt, weil ich die Pause gerade nutze, einen schadhaften Ram-Riegel auszumachen.

OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01  [binary data]
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M]
 
[2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions
[2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla
[2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 03:30:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1
[2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles
[2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 11:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 11:09:45 | 1607,065,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:50:45 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:44 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:34 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.22 18:48:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 18:38:24 | 000,000,788 | ---- | M] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:22 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | M] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.22 18:18:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:07 | 001,257,933 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.22 18:38:24 | 000,000,788 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:06 | 001,257,933 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[2012.07.05 06:41:33 | 000,314,880 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\vltdi.exe
[2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar
[2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar
[2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar
[2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar
[2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar
[2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg
[2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf
[2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT
[2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf
[2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip
[2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft
[2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt
[2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity
[2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre
[2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite
[2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner
[2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox
[2011.04.28 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\FileZilla
[2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software
[2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0
[2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape
[2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye
[2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo
[2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech
[2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient
[2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2
[2011.08.17 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael
[2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda
[2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3
[2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools
[2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify
[2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8
[2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft
[2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium
[2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire
[2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft
[2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent
[2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\wargaming.net
[2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         
--- --- ---



Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E65B1-061F-4F8B-86F0-A78F2EF4417D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{04BDAF95-5D7F-401E-A259-F0216E303044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0592E869-A5DC-4B52-9C48-123D9F93B881}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0ACFFB57-3CC4-4B27-9BAC-2429C8026F4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C8956ED-E466-4E8F-BA92-9425FDE23F94}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{11C451E4-EACC-463C-B815-C0C5B79A21FD}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{1CC5D8BC-5004-453E-B717-BE919613077A}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{1FE6C0B7-A038-459B-8297-542BD96E87FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{217722DE-AA15-4622-BCDD-F513027389E1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2A862473-278D-4572-B321-94BDE60374BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36A802B4-1C8A-4A02-8383-6E91B921372D}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | 
"{3D0B3A79-5A0F-460F-9883-EB591D440287}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{411DBB40-A24C-47B3-BC50-01FB07D21FD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45230AD7-3DF3-4376-84AB-47A40350FA94}" = lport=80 | protocol=6 | dir=in | name=xampp | 
"{4523A691-9AF0-4851-9D11-05234EF0C7DA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{490237B0-8DA6-419F-92D1-52ECEE319F89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C4ED62D-8FB7-4149-B420-480616C5B311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4EF58C36-2A23-448C-BCB7-6EF99A1C8DDB}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{53B095EE-722D-46B0-969D-768E3F51570E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57490034-9B79-4E91-95E3-E8BBAF7CB6A2}" = lport=58947 | protocol=17 | dir=in | name=pando media booster | 
"{5D36A21C-96AD-42F0-A75C-9EA93EF5F98E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6400F3D4-8ABC-4701-91F1-1ECE5417E186}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A37EBBF-8909-4B71-854C-169A71978A93}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher | 
"{6A58694C-FD00-49BD-BD20-6F2C85F70A19}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{6C48FE14-0CB6-406D-A5A7-F758B440EAEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C5FBED3-5C65-4DE5-930F-A7F1C27A009D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{7E9E5C77-86F6-4EC7-98AB-DDE1C4D6F255}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7F8AF62C-A829-4871-A0AE-C49A12CAEF96}" = lport=137 | protocol=17 | dir=in | app=system | 
"{802CA42E-35F7-467B-9B01-05003F326517}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{80EB48F8-13E2-429C-8FDD-6918AA17B052}" = lport=58947 | protocol=6 | dir=in | name=pando media booster | 
"{843FD27E-DA00-48FD-B70B-D7C5E4CBE647}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{85919E83-2DB1-43B1-8395-62A9403ABCA4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8688E206-2905-4E67-B2FB-A7AEA3E95F03}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{8D4DE0C9-DAF6-41A4-A11D-7785B41366B5}" = rport=80 | protocol=6 | dir=out | name=xampp | 
"{92A142B6-2657-4BD5-B686-CA8558EC2669}" = lport=139 | protocol=6 | dir=in | app=system | 
"{954D849B-68F9-4C85-B172-48CD12700EF5}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{9F15033C-9D53-41E9-BA5F-E88693C8558A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F3D8019-D14B-42C8-B939-EFE738A8693D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F84E880-3D01-4A1C-B0D3-46A612BD5156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB8258F1-36B2-4224-8E0B-45485E1575E7}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{AFE48AC7-8B97-4A9D-9BA6-55F63830C901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B828B1CC-719C-4E44-A994-5756971562C2}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{BAA1393B-3E48-4983-9947-E8043DDA3E50}" = lport=58947 | protocol=6 | dir=in | name=pando media booster | 
"{BB48567F-14DA-4C8B-9609-5805394EA57E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BCC0EDBC-32CB-4227-B05C-A883F7323D6A}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD45B64D-8152-4F12-ACD9-6B026DDDF8AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BDA9CAD8-A935-4EC5-9D66-21296EAC282E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0B5BCC8-F755-428B-8461-36AEC66FFB47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C21D46AB-8466-4DA1-9F3C-AA7E72A35765}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C7140B34-9AD6-4748-AA6A-A5AB7989F1CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAF864E8-1323-4359-99DB-C26128D191EE}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | 
"{CE2B9EB2-54BB-476E-AF97-0551DB46E9F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF12D3BC-C65E-408F-8676-72F66F1B4675}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CF928608-7689-4DF3-B1A1-69A2DC2B0AF7}" = lport=58947 | protocol=17 | dir=in | name=pando media booster | 
"{D50F8D27-4721-4BC6-9D7C-6F3B7BB6486B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DC72D35E-95A6-4B54-9532-1781015A6E51}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{DD198D1B-6402-44AD-9F71-267CB5B74DB5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1322A1B-2843-44C9-9DEA-DE8C9C7B3B03}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{E15D4C25-DA62-48CF-BA82-7CE0B4C2CB73}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{E44EE432-38FC-4BF7-9932-6A58184E4DAE}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{EABFE8E1-A134-4AE5-A5F4-DD767E496712}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{EC910B25-ADCD-4184-94EB-E98B3FE12FD6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EED24FB2-3F2C-46BA-A8E4-BD5C752D964F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2F97DAB-6EB4-475E-92BB-2D6601FD1073}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{F8732271-81F4-4AD1-A018-2D86F3DEF761}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9105229-FC02-4C43-ADD5-16DBF43122BF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FA592191-9BAA-4A6D-9252-D14806D2E475}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF9447FB-2099-4503-8F9A-3C401EBDDD44}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E24798-9132-4A41-A6B8-E871EF7C02E6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{08EB96EC-3084-456C-8B2E-0D625754D640}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{0EAFA2E5-8BDE-46E2-B338-5FCE96F4108B}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{10412528-E2A0-45E8-B438-078C1B003485}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{19439B30-E761-450C-9026-A9682B789209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A562E02-40D4-463C-BE3C-9768E03787DC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{1AC66571-1A65-467C-B283-348562765CFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe | 
"{1CCE85DE-6AFB-430C-9ED4-68852776D54E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{22301842-1B9D-4EAE-B001-ED64E22D3394}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{235FE788-10A4-4094-922B-75B95F111013}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{2571AFDD-F545-4992-8BB5-3081339B7887}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{25E317A1-AD9F-4F52-AC8B-F66C7E2B1C36}" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{29ADB9A2-BB69-4CE7-88C1-97FC54DE80EA}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{310F7292-3673-4513-A65B-0C9635FBC39D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{341B7905-1465-461F-83AB-54D80BD78623}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{34CAD4B2-1D1F-4D1B-822E-EE8F453D5DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{36466367-7C7F-4FA1-887B-245FED326CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{37AD5E77-A17E-4F54-B71E-6AD90741606D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{37C0EEE3-0619-4ADE-B26D-DE62E251CDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"{38164E45-3C1E-4EE8-854A-50B527CD1803}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{39ED505F-5B89-4B4F-96E1-3209511DC0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{3C8CCF41-6708-4DB8-B70F-38ECF8BCAA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{3F016C5F-54C2-4E10-9A51-EE49B7F91520}" = protocol=17 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe | 
"{3FA6FB51-9681-45D8-9AC8-8D33445331D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"{442A0033-2094-4108-9391-205DEE8E1D90}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{444C1016-AFFB-48B3-A7E1-E09DEB69EBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{44FFC111-10DF-4940-A6E7-4661F0B12260}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{463E015E-56F1-4AA6-963F-D23FC764B6C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{51D53117-4F64-4816-AA91-7A826DB96FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe | 
"{5797B216-D8EB-4810-B5F3-AE754BD5C32F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{58A66449-1BFB-4987-9DAC-45B4A8AE425A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A754C9F-39D4-4BAD-84C0-7E49E068E51B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C00FDFC-9C2F-4517-8E40-67BE89D633BC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5DCC306C-35FF-4DCA-938D-F9810DA8411C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6E300200-7F30-452F-8044-818BF280326C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{749FB92B-5BF0-4201-AA22-7F20BBB5061D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{74F120E7-B5EC-41A4-A845-313764ED4688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B604866-1E22-42A1-8F3C-2B4DC18E96D9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{81586FD4-4A91-4D7A-BEDD-B5B14012CDFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8186C802-8479-4C2A-985D-18EA807ACBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{852D04A9-8FBE-46C6-9313-D0DDA3399256}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe | 
"{89771538-1550-4543-84A1-1FCDC394DD07}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{8F1932DA-8A8A-4807-8A58-1D9C2EEFA619}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{93D46D9B-4567-45F0-AC87-11284628E19B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{978C20AB-4ED3-4755-AD72-E9ECB4DD74C8}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{9A02C3DA-0FD9-44AA-9F9D-19DEDE5F597D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"{9ADBE6DF-716A-4B57-AC90-16A4C905DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{9D24E21A-13D0-4FC0-9913-A33734F8AEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{A1707C1E-B9DC-4797-91E1-59AB9881A3EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A22414D0-D5AC-498E-8263-22971783F950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A33B86CD-9F41-4484-9E44-E5A7AD2EF3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe | 
"{A3F1F49B-515E-4D69-89D2-C2519E613B67}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{A51100CC-4222-4DC2-947B-901CD0829FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{A57E067D-EB68-4B51-AC02-AD38F7984781}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A78EBD96-12EE-4DA5-8030-CC263FBC6433}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{B20A3F60-11F1-4000-8F73-D3341D069870}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2CD6F03-2266-4D34-8B0F-7BA9BF43CD11}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B335765D-FF7B-426D-B044-4BD03B0DF83D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{B3C71977-66AC-42B4-9ED0-76FAC173BE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B69AE2FB-99F9-44FC-9207-E8CBABB40BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe | 
"{B6FC33E1-452F-4D10-A5F0-A7AF8B5C4A2D}" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B834CFAB-38EE-410A-9A2C-8A0A7EEE26DB}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{B8AD7CA6-DB22-4512-A47C-DF630152AFE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B8E97628-A3AC-4607-9A94-806ABE2429C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFDF1575-6070-4B3C-A9B7-70BE9A6E00B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C3CDED26-D471-4809-8FA1-202F09DFA792}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C44FEA29-80DC-47E4-BC0F-B4FC32309D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe | 
"{C5E6ADC8-65C1-4297-8CE7-23D22A697E0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C62FA975-A663-43AD-8277-7D088A3A68EF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C6BB950E-85B9-460C-983D-8F4F010F2C0A}" = protocol=6 | dir=out | app=system | 
"{C7D670E1-3ED8-443C-8949-1AB6C68C36C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{C8736291-530B-4E43-8320-63E384C4EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe | 
"{CB9F7A13-99B6-48B2-B320-1FA022CCFBAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CBE406AA-E81D-41C4-896E-240EE6E2DC59}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CC2F1063-94E0-47CC-A108-63A9C22F5443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCAB01D5-41D4-4469-BDF7-37C64A0E48CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CD9E0643-94BB-437B-B989-A7A3D07EF4F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe | 
"{CE438225-9DE2-471C-8CA1-7DBCC08A7334}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CF43A1D5-9664-4115-B384-807FE2BC5139}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D0B6DF0D-8B0F-421B-910D-64BC7B184011}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe | 
"{D1CC8C48-78D8-406A-BD7E-13EF3C65FCAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D21109DB-7463-4DBD-8F8B-6A29F08FD77E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D324626A-1ED4-4504-A8E7-C95F7D42C313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{D348747C-A9F9-499E-950B-26F6C089AE06}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D369BB07-249A-4A38-9865-36ECBE2F901C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D71D55E3-4AD0-4925-93BA-9826342BA18A}" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"{D9E88595-ACE4-4612-9C59-F4B4E0D1F92E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA0E8E94-D66C-405F-B67A-F75B8B67D5F5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC528CC0-5008-44D6-838F-813E43D01A35}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{E03B4E17-F826-40CB-8FDC-B05A4FA766F5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E344AC1A-4D04-4C69-8F03-BB2261913579}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E71D5DD9-8310-4C10-921F-7A23D743E73F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EAA2890B-9E21-4E0C-A2C1-8BC2989C67FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"{EB15CDDC-9DE6-4EA4-B68C-8ACF3B1C2D75}" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"{F02851F0-F3C5-45E4-A36D-9EDECB0F5419}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{F0861924-4AC0-480C-8683-288448B97F33}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F417E334-563A-4101-9749-717BFE8B7465}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{F4C6210F-10FC-4A4E-B964-CAC1FC9E01E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F599DA2D-E505-43BF-9AA2-F2C90FA37967}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F7C41998-4ED6-4758-BB86-D824E412AF3B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{FABFD627-2EAD-4EE4-A672-F05780C2CE76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{FB853588-B840-49E6-B7F8-5A981928D562}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{FE19D4D1-83B2-468D-B74B-7137C4D023B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF2E998F-82F5-44BE-9600-0801AC6EC263}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{03341652-A564-46B8-BE55-C17D927D8C49}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{04082BF3-CDB6-4462-B034-E47B548B6C7C}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe | 
"TCP Query User{0442162C-6275-4F8A-82EC-9432202F146C}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{0CAB75DC-F005-403C-BB6F-84CEB2DF0178}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe | 
"TCP Query User{0D8CA656-B29F-4BBB-A28F-67DF203957F6}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0E6C4971-5087-4F21-92F7-DC7585B3D1A2}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe | 
"TCP Query User{103D9D6E-D7AC-4CCC-9AC8-409D43E28478}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{10BED12C-A114-4857-AB60-C3B19CA50955}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"TCP Query User{163C00DD-4239-4558-B7DB-A71D31740E66}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | 
"TCP Query User{2014D340-718F-492D-8B65-A205A74CC598}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"TCP Query User{231CF380-62A0-4342-B4D3-D8AC847F5389}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{27C92E5C-4B2B-4C56-9C27-507C8D86A7CA}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{298DA669-7A10-4283-8B87-592DC6484E1B}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{3A8564F5-EED0-4682-AD18-02BD6301D749}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"TCP Query User{40ABAF44-2EF1-4FCF-AF17-E07FFAE4A840}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{40B3268B-194B-48FB-B912-109438E5E475}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"TCP Query User{4492AB14-A845-4DDB-AC31-4FB383E9C8C6}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{4D251248-92A7-42F2-A6BD-B948B6D68176}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{4D902F90-6D25-4B38-AAD5-0BAA44D7CFE7}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{4EAC75C0-3901-426F-8BFA-9691D639FE4B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{50C7C93C-76B6-47DD-8BBD-118104432274}C:\setups\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe | 
"TCP Query User{52ECB185-B2AC-4D47-BE32-077AF75F79AB}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{56E00A92-30F5-4E86-9BB5-39788E22C3AE}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"TCP Query User{58B2AE24-7977-4429-8E62-E9FE07C406D7}C:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | 
"TCP Query User{5E91AD2F-9C20-4037-9C25-673013F008C4}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"TCP Query User{6C5270BE-A891-4329-8898-96AB33711AFD}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{7537212F-DF51-4242-8566-3D9080E2F4E5}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{77253648-1B95-46FF-BF5A-54E941FDA6D1}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | 
"TCP Query User{7A936E8A-6CFF-4E14-8FDA-A9B96C68D0F0}C:\ti\game.exe" = protocol=6 | dir=in | app=c:\ti\game.exe | 
"TCP Query User{7DCD31C1-FB33-4A1A-A13C-BC6039A803B0}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"TCP Query User{80FDE594-AC7D-458D-9CAF-3338EC86E6C9}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | 
"TCP Query User{831D22DD-BF82-49F9-8C95-0244FD4B471D}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battlefield 2\bf2.exe | 
"TCP Query User{85EBB3B6-0A69-43C1-A852-A4604ED0ABE2}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe | 
"TCP Query User{874D29EA-B2AF-4648-9424-2B06E09E8A5C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{8DAD0460-5BCE-4C38-AFBF-C1D249307A18}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{986CBBF3-9533-459C-B514-87BE21693C13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{A0BFB125-7C3F-4B85-82C1-6F886AD6A7ED}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A8175184-3AD6-44BA-BF83-1382E0DE354A}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe | 
"TCP Query User{AB200B5D-CA30-496B-BF41-5DE2C7E75515}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{B4A9A4A2-4808-43FC-81B3-D1744525CD37}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"TCP Query User{B63A236F-C12F-4164-BDAF-67777E2CBE91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{BC7B28FF-A136-4738-A7C2-52CB79FEACCB}C:\program files (x86)\anno 1602 - gold edition\1602.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"TCP Query User{C23EB4B3-49AC-4533-BC0B-86D6EE084243}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"TCP Query User{C4845111-1712-4882-AE03-B429F59BBC3B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{CADDC25C-F135-407E-AABE-AF6E39F7ED1F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{D7459CD1-D089-4BD8-97C7-F09798E190CA}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"TCP Query User{E2E31DD6-6B2D-4FC2-A50F-C092922FE3F8}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{E3750BC6-993A-4FAA-9B0A-46059EA94F66}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"TCP Query User{E93E1576-75B6-4722-BE94-50D34142A729}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{EB02FAA6-57BB-4228-BF02-16520586385D}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{EFB6674F-978A-4D84-8940-53EC5B797C92}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{F1B1FC13-B8F9-4AB4-8C9F-D85C044CDDAD}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"TCP Query User{FCB2551F-8116-472D-A86B-B604442BA48C}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | 
"UDP Query User{01880564-2BFE-471C-A7D0-85D33586E7B2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{02A745F4-C99C-4705-9366-197909B049A0}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"UDP Query User{10A0D758-4A87-4590-9C41-499E84070EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1773D523-4F8D-4635-A9DF-67EF31BBFD81}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 2\bf2.exe | 
"UDP Query User{1A19203F-B352-4F93-BF0B-C61289B13293}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{1E466306-9D64-47C2-824D-011CA77413A8}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"UDP Query User{2D4E0653-377C-486D-BBCC-967A5E7DB958}C:\ti\game.exe" = protocol=17 | dir=in | app=c:\ti\game.exe | 
"UDP Query User{325FE92E-BA01-4139-B889-0781CA19ED9D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{3461833D-B6D8-409E-A215-14C20C6829B4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{37E1D480-90D6-4CBE-8BBB-81FC40B91061}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe | 
"UDP Query User{3B02417F-23CD-4675-B269-3FBB3374AA14}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"UDP Query User{3E78C60C-E919-4472-AAB0-01E9499D5823}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{3E929647-C271-44B2-9C9B-5B8515874F1A}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | 
"UDP Query User{452319E5-C7E5-434F-9020-D4BAB78EF7DD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{4694E673-6825-434D-AA1E-A742F88789ED}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{56C854B0-F400-43EF-AEFB-A3F156AEA026}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"UDP Query User{5C21011F-3132-4C8A-A8BF-70B05D26F7A8}C:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | 
"UDP Query User{5F9119DA-3CD5-428A-9C20-16EF74547365}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe | 
"UDP Query User{64CE4C92-690C-44A0-9BA8-36600AB6950A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{65F4B86D-CBBD-4C90-852D-89D88374641D}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{6D7BDDB4-C8F0-4596-9273-7B026E259BEE}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{79506361-521B-4533-8989-F242572E81B7}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"UDP Query User{79789828-B014-4225-B5F7-921F6BDDA1F8}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{7D9AA12C-958D-422D-A506-A1B748DE537E}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{7E850182-C807-41D1-926A-DCCC76FAA52F}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"UDP Query User{84785378-6D96-43EF-A346-B7664BBEF9C8}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{8C26E52F-5223-4444-9ADB-DFB3E63C3EE5}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{8CB60C07-8B7A-483B-9B4A-8153884488DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8EB2D814-3C48-4267-88C2-7B4D7842EEBE}C:\setups\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe | 
"UDP Query User{8FDFF509-B8AC-4EC8-8559-229A0F490618}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | 
"UDP Query User{90917955-49DB-4AE7-89FF-D5C555419851}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"UDP Query User{9DA7D87C-22BE-4F8C-913B-7FC1C1358677}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9E9C2F35-1349-47D2-B995-99A21B19C578}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{A4545ED6-888B-44C4-AEE1-A2CC7BD5C168}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{A8647FD7-C7D1-4054-A467-D1B7C723EB58}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{A97A262C-BB96-4F9A-A503-AE6D65B73A16}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{ACF4FD19-F8CC-49FC-B64A-1CAA153ACCBB}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{ADBCC90C-0781-4BD3-AE3C-28B5600E8E18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AF5329F6-B7CF-43B7-84E1-9880EAC13A82}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"UDP Query User{BCCC0B21-7F8A-4420-B205-CFA3524896FA}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | 
"UDP Query User{C90870D2-CAD3-44CF-9F28-958898F5EF7F}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"UDP Query User{CC147F0B-E4FF-4A3B-8EE4-67CDE1D45847}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{CE9E29AC-534A-4802-89D7-84B1684BAF45}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"UDP Query User{D4F81D01-9067-4A4D-940E-55211A206DA6}C:\program files (x86)\anno 1602 - gold edition\1602.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"UDP Query User{D63233AB-9EE7-4E76-91BA-C8AAAC73EC15}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{D7E9974E-8D54-46B3-9EBE-B4F30341FE4D}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{DAB25831-4FA9-4383-9A60-2BCF4BD94CA7}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{E2DB5A7D-D45A-4FAD-89E6-C539FD93C07E}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe | 
"UDP Query User{EA8147E3-B4FC-4C57-A43D-ED920CC22367}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{F4398DDB-F07E-4D39-897B-9ABA7E10BE72}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"UDP Query User{F6E1C33E-E4F4-486B-8014-952DCCE3D400}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"UDP Query User{FAEF00E0-4197-46AC-8BEE-ED136E4C1F41}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | 
"UDP Query User{FE789878-EA1C-4049-BEDC-8AC92CA9B2C1}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8281B8-D579-414B-AA10-186542582A3B}" = 64-bit MathLink Libraries (6.0.3.1048069)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{78BFF077-C4A2-4715-8321-651585432C79}" = Oracle VM VirtualBox 3.2.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A5D44F9D-C159-4C1E-AD21-A4D85B31AB46}" = Corel Graphics - Windows Shell Extension 64 Bit
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.22
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF 6.1  printer)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0DE35ACF-BDF7-41D3-B45E-4BD26A7F807B}" = STATISTICA 9.1a (DE)
"{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{142DA0F4-8569-4D64-B374-0B65D8F4C9CE}" = Wolfram Notebook Indexer 2.0
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F928B83-3D8E-402B-8480-5C5C3BCE8040}" = OKI B410 Druckermenü-Einrichtungstool
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D51BAC38-15D6-462B-9EFB-B330959F0839}" = Origin86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = B400 Series PCL Driver from OKI® Printing Solutions for Windows 
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACE LoL Client" = League of Legends - ACE Client by Matricus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Ahnenblatt_is1" = Ahnenblatt 2.64
"ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"EA Download Manager" = EA Download Manager
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.50
"FileZilla Client" = FileZilla Client 3.2.7.1
"Gothic II" = Gothic II
"GPU Caps Viewer_is1" = GPU Caps Viewer v1.4.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JAP" = JAP
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.9.10
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"pdfsam" = pdfsam
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 22600" = Worms Reloaded
"Steam App 2760" = Neverwinter Nights 2: Platinum
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 57900" = Duke Nukem Forever
"Stellarium_is1" = Stellarium 0.10.6.1
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software
"TI-Nspire Student Software" = TI-Nspire Student Software
"TripleAVersion1_2_5_5" = TripleA Version 1_2_5_5
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"Hades webstart" = Hades webstart
"Inkscape" = Inkscape 0.48.2
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2011 16:04:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.11.2011 16:05:23 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 02:17:05 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 02:18:08 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:42:20 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:43:37 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:56:57 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:57:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 05:34:39 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 05:46:41 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ Cisco AnyConnect VPN Client Events ]
Error - 21.11.2012 14:29:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 03:06:19 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 06:09:34 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 09:21:48 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 10:52:52 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:40:30 | Computer Name = LAEMMERSPIEL | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:48:27 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 23.11.2012 06:08:07 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ System Events ]
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
Error - 23.11.2012 06:10:52 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von zellerli (23.11.2012 um 12:43 Uhr)

Alt 23.11.2012, 21:54   #2
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) 
[2012.11.22 18:38:24 | 000,000,788 | ---- | M] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F35A93AD 
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe 
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe 
[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Zellerli\*.tmp
C:\Users\Zellerli\AppData\Local\Temp\*.exe
C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 24.11.2012, 00:37   #3
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Danke für deine Hilfe t'john!


EDIT: Der nachfolgende Text entspricht nicht dem neuesten Stand. Hat beim zweiten Anlauf geklappt. Weitere Logs werden nun generiert (weiß nicht wie lange das dauert, daher dieser Edit, da sonst die Frist abläuft).


[HINFÄLLIG]

Beim Durchlaufen der fix ist folgendes passiert:
Zuerst kam: "Ein kritischer Fehler ist aufgetreten, Windows wird in einer Minute neu gestartet, Speichern Sie jetzt Ihre Daten." (gelbes Symbol), habe dort OK geklickt in der Annahme es handelt sich um den angekündigten Neustart.
Dann kam noch ein Fehler mit rotem Symbol, relativ kurz mit iexplorer.exe und Speicheradressen.
Nach der Minute ist der Rechner dann auch neugestartet (dies hat ab dem Windows-Start sehr lange gedauert, meine Maus ging dabei auch ca. 1 Minute nicht).

Es erschien dieses Log-File (habe es hoffentlich Zeichengenau abgetippt, wenn du es kopiersicher brauchst, sag bescheid!):
Zitat:
Files\Folders moved on Reboot...
C:\User\Zellerli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\Plan Auftritte.doc not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Was nun? Nochmal versuchen? Abgesichert versuchen?
Ich befinde mich nicht im abgesicherten Modus. Der Trojaner bleibt still, wenn das Internet weg ist, weshalb ich alles ausführen kann.

[/HINFÄLLIG]
__________________

Geändert von zellerli (24.11.2012 um 00:46 Uhr)

Alt 24.11.2012, 06:04   #4
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Hast du den Fix richtig reinkopiert?

Versuche es im abgesicherten Modus nochmal.
__________________
Mfg, t'john
Das TB unterstützen

Alt 24.11.2012, 11:15   #5
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Dann erstmal Historie:
Als ich gestern den Rechner ohne LAN einschaltete, konnte ich normal ins Windows. Das war nach dem hochgeladenen OLT-Log. Ich habe in diesem Zustand Antivir durchlaufen lassen, weil es wieder ging. Im Nachhinein denke ich mir, dass das ein Fehler gewesen sein könnte und entschuldige mich dafür. Wird nicht wieder vorkommen.
Der Vollständigkeit halber: Antivir hat jedenfalls folgendes zwei Files in die Quarantäne:
Code:
ATTFilter
Die Datei 'C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\341b2629-4a0b7a51'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Inject.AX' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552f5eb5.qua' verschoben!
Die Datei 'C:\Users\Zellerli\AppData\Local\vltdi.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Winwebsec.aziouq' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c7b714a.qua' verschoben!
         
Dann habe ich deinen ersten Beitrag gesehen und befolgt.
Das erste mal OLT-Fix wurde abgebrochen (siehe Beitrag). Ich bin mir sehr sicher, dass ich das Skript richtig reinkopiert habe. Ich habe mir dann gedacht, dass das schlimmste, was beim nochmaligen Versuch passieren kann ist, dass irgend eine (aber dokumnetierte) Datei flöten geht und habe es nochmal versuch.
Es hat (laut OLT) geklappt.
OLTFix-Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
File move failed. C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\wgsdgsdgdsgsd.exe not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zellerli
->Temp folder emptied: 398377 bytes
->Temporary Internet Files folder emptied: 188083652 bytes
->FireFox cache emptied: 60466359 bytes
->Flash cache emptied: 193439 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 580643774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 11516276 bytes
 
Total Files Cleaned = 802,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_004213

Files\Folders moved on Reboot...
File\Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found!
C:\Users\Zellerli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\Plan Auftritte.doc   not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ich hab dann über Nacht den vollen Malware-Scan gemacht (aktuellste Version per kurzem LAN-Kabel-Einsatz):
Malwarebytes-Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [Administrator]

24.11.2012 00:49:45
mbam-log-2012-11-24 (00-49-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 562097
Laufzeit: 1 Stunde(n), 57 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und der Vollständigkeit halber noch AdwCleaner (da kannte ich deinen neuen Beitrag schon) Log:
Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 24/11/2012 um 10:19:51 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Zellerli - LAEMMERSPIEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Zellerli\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Zellerli\AppData\Roaming\Mozilla\Firefox\Profiles\u08xwy80.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1036 octets] - [24/11/2012 10:19:51]

########## EOF - C:\AdwCleaner[S1].txt - [1096 octets] ##########
         
Dann habe ich deinen zweiten Beitrag gelesen und bin in den abgesicherten Modus. Dort nochmal das OLG-Fix ausgeführt (ich denke mir, dass es im schlimmsten Fall nochmal das gleiche ausführt, aber im besten Fall dabei ein paar mehr Dateien mitnimmt). Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
File move failed. C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\wgsdgsdgdsgsd.exe not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zellerli
->Temp folder emptied: 399731 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_104118
         
Und gerade läuft ein voller Malware-Scan im abgesicherten Modus (auch hier denke ich mir, dass es im schlimmsten Fall wieder nichts findet, aber im besten Fall mehr findet). Ich arbeite nun die ganze Kette nochmal abgesichert ab.

Ich hoffe dass die einzelnen Prozesse sich nicht gegenseitig behindert haben und meine Annahmen stimmen.

Danke dir nochmals für deine Hilfe!

Weitere Instruktionen?

Nachtrag:
Hier noch das Log von Malwarebytes im abgesicherten Modus (dort habe ich ein Laufwerk mehr gehabt als im nicht-abgesicherten, denke das ist von der Virtual Machine):
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [Administrator]

24.11.2012 10:55:13
mbam-log-2012-11-24 (10-55-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 561222
Laufzeit: 1 Stunde(n), 18 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und AdwareCleaner im abgesicherten Modus:
Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 24/11/2012 um 12:28:20 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Zellerli - LAEMMERSPIEL
# Bootmodus : Abgesicherter Modus
# Ausgeführt unter : C:\Users\Zellerli\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Zellerli\AppData\Roaming\Mozilla\Firefox\Profiles\u08xwy80.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1163 octets] - [24/11/2012 10:19:51]
AdwCleaner[S2].txt - [834 octets] - [24/11/2012 12:28:20]

########## EOF - C:\AdwCleaner[S2].txt - [893 octets] ##########
         
Jetzt ist also seit dem ersten OLT-Scan gelaufen:

Antivir (nochmal Sorry)

Nicht-abgesichert:
OLT-Fix gescheitert
OLT-Fix funktioniert
Malwarebytes (up to date) funktioniert
Adware funktioniert

Abgesichert:
OLT-Fix funktioniert
Malwarebytes (up to date) funktioniert
Adware funktioniert


Alt 24.11.2012, 21:42   #6
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Gut, Rechner normal starten

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
--> Ukash Bundespolizei Infektion - Logs anbei

Alt 25.11.2012, 02:32   #7
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Das kam dabei raus:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.11.2012 02:13:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,31% Memory free
15,99 Gb Paging File | 14,30 Gb Available in Paging File | 89,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 136,33 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01  [binary data]
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M]
 
[2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions
[2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.24 00:20:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.23 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Malwarebytes
[2012.11.23 23:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 23:57:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla
[2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 03:30:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1
[2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles
[2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.25 02:18:19 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 02:13:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 02:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.25 02:09:30 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 10:56:40 | 000,543,531 | ---- | M] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe
[2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.24 10:19:29 | 000,543,531 | ---- | C] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe
[2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar
[2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar
[2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar
[2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar
[2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar
[2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg
[2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf
[2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT
[2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf
[2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip
[2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft
[2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt
[2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity
[2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre
[2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite
[2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner
[2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox
[2011.04.28 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\FileZilla
[2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software
[2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0
[2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape
[2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye
[2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo
[2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech
[2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient
[2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2
[2011.08.17 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael
[2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda
[2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3
[2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools
[2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify
[2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8
[2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft
[2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium
[2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire
[2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft
[2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent
[2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\wargaming.net
[2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 25.11.2012, 08:46   #8
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:
ATTFilter
:OTL
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll () 
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll () 
 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Zellerli\*.tmp
C:\Users\Zellerli\AppData\Local\Temp\*.exe
C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.11.2012, 15:51   #9
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Der OLT-Fix hat beim Scan wieder den kritischen Fehler generiert (System startet in 1min neu), aber war lange vor dem Zwangsneustart fertig. Das Log sah auch so "fertig" aus wie die obigen, korrekt gelaufenen Fixes:
Code:
ATTFilter
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zellerli
->Temp folder emptied: 569859 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11252012_151821

Files\Folders moved on Reboot...
C:\Users\Zellerli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\Plan Auftritte.doc   not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ich habe deshalb weiter gemacht.

Malwarebytes Anti-Rootkit hat mir gratuliert und nichts gefunden:
Code:
ATTFilter
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [administrator]

25.11.2012 15:36:58
mbar-log-2012-11-25 (15-36-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27805
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Und Kaspersky läuft seit 15min im Kreis:
Ich drücke Scan, es scannt und findet eine verdächtige, verschlüsselte Datei mit mittlerem Risiko. Die C:\Windows\system32\Drivers\sptd.sys
Ich wähle "copy to quarantine" und drücke "continue".
Es erscheint der Bericht (1474 objects, 1 threat, 1 quarantined) und wieder der Startbildschirm mit dem Button "Start scan" und "close".
Scanne ich wieder, findet er wieder diese Datei (obwohl sie doch in Quarantäne ist... ?).
Drücke ich "close", kommt keinerlei weitere Aufforderung (z.B. zum Neustart). Auch nach einem manuellen Neustart, geht dieser Kreislauf weiter (wieder der gleiche Fund).

edit: Habe diesmal "delete" gewählt und er will neu starten. Nach dem Neustart ist die File weg und der Scan ist ganz clean.

Log-Files gibt es dazu mehrere. Das hier ist das erste (wo ich nur quarantäniert habe), brauchst du andere Logs, sag bescheid!:
Code:
ATTFilter
15:38:39.0792 5396  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:38:39.0807 5396  ============================================================
15:38:39.0807 5396  Current date / time: 2012/11/25 15:38:39.0807
15:38:39.0807 5396  SystemInfo:
15:38:39.0807 5396  
15:38:39.0807 5396  OS Version: 6.1.7601 ServicePack: 1.0
15:38:39.0807 5396  Product type: Workstation
15:38:39.0807 5396  ComputerName: LAEMMERSPIEL
15:38:39.0807 5396  UserName: Zellerli
15:38:39.0807 5396  Windows directory: C:\Windows
15:38:39.0807 5396  System windows directory: C:\Windows
15:38:39.0807 5396  Running under WOW64
15:38:39.0807 5396  Processor architecture: Intel x64
15:38:39.0807 5396  Number of processors: 4
15:38:39.0807 5396  Page size: 0x1000
15:38:39.0807 5396  Boot type: Normal boot
15:38:39.0807 5396  ============================================================
15:38:40.0728 5396  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:38:40.0728 5396  Drive \Device\Harddisk1\DR1 - Size: 0x74000000 (1.81 Gb), SectorSize: 0x200, Cylinders: 0xEC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:38:40.0759 5396  ============================================================
15:38:40.0759 5396  \Device\Harddisk0\DR0:
15:38:40.0759 5396  MBR partitions:
15:38:40.0759 5396  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:38:40.0759 5396  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73313AB0
15:38:40.0790 5396  \Device\Harddisk1\DR1:
15:38:40.0790 5396  MBR partitions:
15:38:40.0790 5396  ============================================================
15:38:40.0853 5396  C: <-> \Device\Harddisk0\DR0\Partition2
15:38:40.0853 5396  ============================================================
15:38:40.0853 5396  Initialize success
15:38:40.0853 5396  ============================================================
15:38:51.0289 5012  ============================================================
15:38:51.0289 5012  Scan started
15:38:51.0289 5012  Mode: Manual; 
15:38:51.0289 5012  ============================================================
15:38:51.0695 5012  ================ Scan system memory ========================
15:38:51.0695 5012  System memory - ok
15:38:51.0695 5012  ================ Scan services =============================
15:38:51.0897 5012  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:38:51.0897 5012  1394ohci - ok
15:38:51.0960 5012  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:38:51.0960 5012  ACPI - ok
15:38:52.0022 5012  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:38:52.0022 5012  AcpiPmi - ok
15:38:52.0241 5012  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:38:52.0241 5012  AdobeARMservice - ok
15:38:52.0303 5012  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:38:52.0303 5012  adp94xx - ok

...
[Skript gekürzt wegen Zeichenüberschreitung: Hier standen diverse Files aus dem Ordner, alle mit "ok" - brauchst du das volle Skript, werde ich es als Anhang hochladen!]
...

15:39:08.0121 5012  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:39:08.0137 5012  Spooler - ok
15:39:08.0324 5012  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:39:08.0355 5012  sppsvc - ok
15:39:08.0387 5012  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:39:08.0387 5012  sppuinotify - ok
15:39:08.0418 5012  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
15:39:08.0418 5012  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:39:08.0418 5012  sptd ( LockedFile.Multi.Generic ) - warning
15:39:08.0418 5012  sptd - detected LockedFile.Multi.Generic (1)
15:39:08.0511 5012  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:39:08.0511 5012  srv - ok
15:39:08.0699 5012  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:39:08.0699 5012  srv2 - ok
15:39:08.0714 5012  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:39:08.0714 5012  srvnet - ok
15:39:08.0761 5012  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:39:08.0761 5012  SSDPSRV - ok
15:39:08.0761 5012  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:39:08.0761 5012  SstpSvc - ok
15:39:08.0823 5012  Steam Client Service - ok
15:39:08.0855 5012  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:39:08.0855 5012  stexstor - ok
15:39:09.0011 5012  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:39:09.0011 5012  stisvc - ok
15:39:09.0073 5012  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:39:09.0073 5012  storflt - ok
15:39:09.0120 5012  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:39:09.0120 5012  StorSvc - ok
15:39:09.0213 5012  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:39:09.0213 5012  storvsc - ok
15:39:09.0276 5012  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:39:09.0276 5012  swenum - ok
15:39:09.0323 5012  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:39:09.0323 5012  swprv - ok
15:39:09.0416 5012  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:39:09.0432 5012  SysMain - ok
15:39:09.0525 5012  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:39:09.0525 5012  TabletInputService - ok
15:39:09.0635 5012  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:39:09.0635 5012  TapiSrv - ok
15:39:09.0681 5012  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:39:09.0681 5012  TBS - ok
15:39:09.0900 5012  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:39:09.0931 5012  Tcpip - ok
15:39:10.0025 5012  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:39:10.0040 5012  TCPIP6 - ok
15:39:10.0118 5012  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:39:10.0118 5012  tcpipreg - ok
15:39:10.0165 5012  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:39:10.0165 5012  TDPIPE - ok
15:39:10.0368 5012  [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService  C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
15:39:10.0493 5012  TDslMgrService - ok
15:39:10.0555 5012  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:39:10.0555 5012  TDTCP - ok
15:39:10.0664 5012  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:39:10.0664 5012  tdx - ok
15:39:10.0680 5012  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:39:10.0680 5012  TermDD - ok
15:39:10.0836 5012  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:39:10.0836 5012  TermService - ok
15:39:10.0851 5012  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:39:10.0867 5012  Themes - ok
15:39:10.0883 5012  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:39:10.0883 5012  THREADORDER - ok
15:39:10.0898 5012  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:39:10.0914 5012  TrkWks - ok
15:39:11.0007 5012  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
15:39:11.0007 5012  truecrypt - ok
15:39:11.0101 5012  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:39:11.0101 5012  TrustedInstaller - ok
15:39:11.0163 5012  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:39:11.0163 5012  tssecsrv - ok
15:39:11.0241 5012  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:39:11.0241 5012  TsUsbFlt - ok
15:39:11.0304 5012  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:39:11.0304 5012  tunnel - ok
15:39:11.0319 5012  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:39:11.0319 5012  uagp35 - ok
15:39:11.0382 5012  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:39:11.0382 5012  udfs - ok
15:39:11.0413 5012  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:39:11.0413 5012  UI0Detect - ok
15:39:11.0444 5012  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:39:11.0444 5012  uliagpkx - ok
15:39:11.0507 5012  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:39:11.0507 5012  umbus - ok
15:39:11.0538 5012  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:39:11.0538 5012  UmPass - ok
15:39:11.0600 5012  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:39:11.0616 5012  UmRdpService - ok
15:39:11.0694 5012  [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:39:11.0694 5012  UMVPFSrv - ok
15:39:11.0709 5012  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:39:11.0725 5012  upnphost - ok
15:39:11.0741 5012  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:39:11.0741 5012  usbaudio - ok
15:39:11.0819 5012  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:39:11.0819 5012  usbccgp - ok
15:39:11.0881 5012  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:39:11.0881 5012  usbcir - ok
15:39:11.0943 5012  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:39:11.0943 5012  usbehci - ok
15:39:12.0006 5012  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:39:12.0006 5012  usbhub - ok
15:39:12.0037 5012  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:39:12.0037 5012  usbohci - ok
15:39:12.0084 5012  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:39:12.0084 5012  usbprint - ok
15:39:12.0099 5012  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:39:12.0099 5012  USBSTOR - ok
15:39:12.0162 5012  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:39:12.0162 5012  usbuhci - ok
15:39:12.0224 5012  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
15:39:12.0224 5012  usb_rndisx - ok
15:39:12.0240 5012  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:39:12.0240 5012  UxSms - ok
15:39:12.0271 5012  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:39:12.0271 5012  VaultSvc - ok
15:39:12.0333 5012  [ 6922612DCD53E825CDEB59227E2FB8E4 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
15:39:12.0333 5012  VBoxDrv - ok
15:39:12.0380 5012  [ 560BA2FB23485907C9D46AA4AFF6888A ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
15:39:12.0380 5012  VBoxUSB - ok
15:39:12.0443 5012  [ 955C497F1DFDBC2808F2700145EA918C ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
15:39:12.0443 5012  VBoxUSBMon - ok
15:39:12.0458 5012  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:39:12.0458 5012  vdrvroot - ok
15:39:12.0521 5012  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:39:12.0536 5012  vds - ok
15:39:12.0552 5012  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:39:12.0552 5012  vga - ok
15:39:12.0567 5012  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:39:12.0567 5012  VgaSave - ok
15:39:12.0645 5012  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:39:12.0645 5012  vhdmp - ok
15:39:12.0770 5012  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:39:12.0770 5012  viaide - ok
15:39:12.0833 5012  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:39:12.0833 5012  vmbus - ok
15:39:12.0895 5012  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:39:12.0895 5012  VMBusHID - ok
15:39:12.0973 5012  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:39:12.0973 5012  volmgr - ok
15:39:13.0051 5012  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:39:13.0051 5012  volmgrx - ok
15:39:13.0067 5012  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:39:13.0067 5012  volsnap - ok
15:39:13.0223 5012  [ 4F4125C8E7FB75FED141316E0DFEBE4F ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:39:13.0223 5012  vpnagent - ok
15:39:13.0301 5012  [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
15:39:13.0301 5012  vpnva - ok
15:39:13.0332 5012  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:39:13.0347 5012  vsmraid - ok
15:39:13.0425 5012  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:39:13.0441 5012  VSS - ok
15:39:13.0457 5012  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:39:13.0457 5012  vwifibus - ok
15:39:13.0488 5012  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:39:13.0488 5012  W32Time - ok
15:39:13.0581 5012  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
15:39:13.0597 5012  W3SVC - ok
15:39:13.0613 5012  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:39:13.0613 5012  WacomPen - ok
15:39:13.0628 5012  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:39:13.0628 5012  WANARP - ok
15:39:13.0628 5012  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:39:13.0628 5012  Wanarpv6 - ok
15:39:13.0659 5012  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
15:39:13.0659 5012  WAS - ok
15:39:13.0737 5012  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:39:13.0753 5012  wbengine - ok
15:39:13.0769 5012  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:39:13.0769 5012  WbioSrvc - ok
15:39:13.0800 5012  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:39:13.0800 5012  WcesComm - ok
15:39:13.0862 5012  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:39:13.0862 5012  wcncsvc - ok
15:39:13.0878 5012  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:39:13.0878 5012  WcsPlugInService - ok
15:39:13.0893 5012  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:39:13.0893 5012  Wd - ok
15:39:13.0956 5012  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:39:13.0971 5012  Wdf01000 - ok
15:39:13.0987 5012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:39:13.0987 5012  WdiServiceHost - ok
15:39:13.0987 5012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:39:14.0003 5012  WdiSystemHost - ok
15:39:14.0065 5012  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:39:14.0081 5012  WebClient - ok
15:39:14.0096 5012  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:39:14.0096 5012  Wecsvc - ok
15:39:14.0112 5012  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:39:14.0112 5012  wercplsupport - ok
15:39:14.0143 5012  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:39:14.0143 5012  WerSvc - ok
15:39:14.0159 5012  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:39:14.0159 5012  WfpLwf - ok
15:39:14.0174 5012  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:39:14.0174 5012  WIMMount - ok
15:39:14.0174 5012  WinDefend - ok
15:39:14.0190 5012  WinHttpAutoProxySvc - ok
15:39:14.0237 5012  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:39:14.0237 5012  Winmgmt - ok
15:39:14.0330 5012  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:39:14.0361 5012  WinRM - ok
15:39:14.0439 5012  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:39:14.0439 5012  WinUsb - ok
15:39:14.0471 5012  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:39:14.0486 5012  Wlansvc - ok
15:39:14.0642 5012  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:39:14.0658 5012  wlidsvc - ok
15:39:14.0705 5012  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:39:14.0705 5012  WmiAcpi - ok
15:39:14.0720 5012  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:39:14.0736 5012  wmiApSrv - ok
15:39:14.0736 5012  WMPNetworkSvc - ok
15:39:14.0751 5012  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:39:14.0751 5012  WPCSvc - ok
15:39:14.0814 5012  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:39:14.0814 5012  WPDBusEnum - ok
15:39:14.0845 5012  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:39:14.0845 5012  ws2ifsl - ok
15:39:14.0861 5012  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:39:14.0861 5012  wscsvc - ok
15:39:14.0861 5012  WSearch - ok
15:39:14.0970 5012  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:39:14.0985 5012  wuauserv - ok
15:39:15.0032 5012  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:39:15.0032 5012  WudfPf - ok
15:39:15.0063 5012  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:39:15.0063 5012  WUDFRd - ok
15:39:15.0126 5012  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:39:15.0141 5012  wudfsvc - ok
15:39:15.0157 5012  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:39:15.0157 5012  WwanSvc - ok
15:39:15.0188 5012  ================ Scan global ===============================
15:39:15.0204 5012  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:39:15.0266 5012  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:39:15.0282 5012  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:39:15.0297 5012  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:39:15.0329 5012  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:39:15.0329 5012  [Global] - ok
15:39:15.0329 5012  ================ Scan MBR ==================================
15:39:15.0344 5012  [ A3095E5B8060D0D6B97E87EC1BB50C3C ] \Device\Harddisk0\DR0
15:39:15.0422 5012  \Device\Harddisk0\DR0 - ok
15:39:15.0438 5012  [ BB51795341398A02FBB2FAB12C9A32E1 ] \Device\Harddisk1\DR1
15:39:15.0500 5012  \Device\Harddisk1\DR1 - ok
15:39:15.0500 5012  ================ Scan VBR ==================================
15:39:15.0500 5012  [ 0BD4D2F48AB403B4B7C748D7AE8CA845 ] \Device\Harddisk0\DR0\Partition1
15:39:15.0500 5012  \Device\Harddisk0\DR0\Partition1 - ok
15:39:15.0500 5012  [ 8C22E1A68D07F4139D4DE3E73E63A73D ] \Device\Harddisk0\DR0\Partition2
15:39:15.0500 5012  \Device\Harddisk0\DR0\Partition2 - ok
15:39:15.0500 5012  ============================================================
15:39:15.0500 5012  Scan finished
15:39:15.0500 5012  ============================================================
15:39:15.0516 5372  Detected object count: 1
15:39:15.0516 5372  Actual detected object count: 1
15:40:02.0113 5372  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
15:40:02.0113 5372  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
15:40:21.0457 5668  ============================================================
15:40:21.0457 5668  Scan started
15:40:21.0457 5668  Mode: Manual; 
15:40:21.0457 5668  ============================================================
15:40:21.0722 5668  ================ Scan system memory ========================
15:40:21.0722 5668  System memory - ok
15:40:21.0722 5668  ================ Scan services =============================
15:40:21.0910 5668  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:40:21.0910 5668  1394ohci - ok
15:40:21.0972 5668  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:40:21.0972 5668  ACPI - ok
15:40:22.0034 5668  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:40:22.0034 5668  AcpiPmi - ok
15:40:22.0206 5668  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:40:22.0206 5668  AdobeARMservice - ok
15:40:22.0237 5668  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:40:22.0253 5668  adp94xx - ok
15:40:22.0268 5668  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:40:22.0268 5668  adpahci - ok
15:40:22.0284 5668  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:40:22.0284 5668  adpu320 - ok
15:40:22.0315 5668  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:40:22.0315 5668  AeLookupSvc - ok
15:40:22.0378 5668  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:40:22.0393 5668  AFD - ok
15:40:22.0440 5668  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:40:22.0440 5668  agp440 - ok
15:40:22.0456 5668  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:40:22.0456 5668  ALG - ok
15:40:22.0487 5668  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:40:22.0487 5668  aliide - ok
15:40:22.0534 5668  [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:40:22.0534 5668  AMD External Events Utility - ok
15:40:22.0549 5668  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:40:22.0549 5668  amdide - ok
15:40:22.0565 5668  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:40:22.0565 5668  AmdK8 - ok
15:40:22.0705 5668  [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
15:40:22.0721 5668  amdkmdag - ok
15:40:22.0752 5668  [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:40:22.0752 5668  amdkmdap - ok
15:40:22.0768 5668  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:40:22.0768 5668  AmdPPM - ok
15:40:22.0830 5668  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:40:22.0830 5668  amdsata - ok
15:40:22.0846 5668  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:40:22.0846 5668  amdsbs - ok
15:40:22.0861 5668  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:40:22.0861 5668  amdxata - ok
15:40:22.0986 5668  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:40:22.0986 5668  AntiVirSchedulerService - ok
15:40:23.0064 5668  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:40:23.0064 5668  AntiVirService - ok
15:40:23.0314 5668  [ FB32F046A2578755FA0DA5052C6A9CD3 ] Apache2.2       C:\xamppDaten\xampp\apache\bin\httpd.exe
15:40:23.0314 5668  Apache2.2 - ok
15:40:23.0407 5668  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
15:40:23.0407 5668  AppHostSvc - ok
15:40:23.0454 5668  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:40:23.0454 5668  AppID - ok
15:40:23.0485 5668  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:40:23.0485 5668  AppIDSvc - ok
15:40:23.0548 5668  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:40:23.0548 5668  Appinfo - ok
15:40:23.0579 5668  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:40:23.0579 5668  AppMgmt - ok
15:40:23.0579 5668  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:40:23.0594 5668  arc - ok
15:40:23.0610 5668  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:40:23.0610 5668  arcsas - ok
15:40:23.0766 5668  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:23.0766 5668  aspnet_state - ok
15:40:23.0797 5668  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:23.0797 5668  AsyncMac - ok
15:40:23.0860 5668  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:40:23.0860 5668  atapi - ok
15:40:23.0891 5668  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
15:40:23.0891 5668  AtiHdmiService - ok
15:40:24.0062 5668  [ D1D06810BF7E21F5763EB06CB7E7262B ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:24.0078 5668  atikmdag - ok
15:40:24.0156 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:40:24.0156 5668  AudioEndpointBuilder - ok
15:40:24.0172 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:40:24.0172 5668  AudioSrv - ok
15:40:24.0234 5668  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:40:24.0234 5668  avgntflt - ok
15:40:24.0250 5668  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:40:24.0250 5668  avipbb - ok
15:40:24.0312 5668  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:40:24.0312 5668  AxInstSV - ok
15:40:24.0328 5668  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:40:24.0328 5668  b06bdrv - ok
15:40:24.0343 5668  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:24.0359 5668  b57nd60a - ok
15:40:24.0390 5668  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:40:24.0390 5668  BDESVC - ok
15:40:24.0406 5668  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:40:24.0406 5668  Beep - ok
15:40:24.0437 5668  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:40:24.0452 5668  BFE - ok
15:40:24.0499 5668  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:40:24.0499 5668  BITS - ok
15:40:24.0515 5668  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:24.0530 5668  blbdrive - ok
15:40:24.0593 5668  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:40:24.0593 5668  bowser - ok
15:40:24.0608 5668  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:40:24.0608 5668  BrFiltLo - ok
15:40:24.0624 5668  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:40:24.0624 5668  BrFiltUp - ok
15:40:24.0686 5668  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:40:24.0686 5668  Browser - ok
15:40:24.0702 5668  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:40:24.0702 5668  Brserid - ok
15:40:24.0718 5668  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:24.0718 5668  BrSerWdm - ok
15:40:24.0733 5668  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:24.0733 5668  BrUsbMdm - ok
15:40:24.0749 5668  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:24.0749 5668  BrUsbSer - ok
15:40:24.0764 5668  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:40:24.0764 5668  BTHMODEM - ok
15:40:24.0780 5668  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:40:24.0780 5668  bthserv - ok
15:40:24.0796 5668  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:40:24.0796 5668  cdfs - ok
15:40:24.0858 5668  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:40:24.0874 5668  cdrom - ok
15:40:24.0920 5668  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:40:24.0936 5668  CertPropSvc - ok
15:40:24.0936 5668  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:40:24.0936 5668  circlass - ok
15:40:24.0967 5668  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:40:24.0967 5668  CLFS - ok
15:40:25.0030 5668  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:25.0045 5668  clr_optimization_v2.0.50727_32 - ok
15:40:25.0076 5668  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:25.0076 5668  clr_optimization_v2.0.50727_64 - ok
15:40:25.0201 5668  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:25.0201 5668  clr_optimization_v4.0.30319_32 - ok
15:40:25.0217 5668  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:25.0232 5668  clr_optimization_v4.0.30319_64 - ok
15:40:25.0248 5668  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:40:25.0248 5668  CmBatt - ok
15:40:25.0264 5668  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:40:25.0264 5668  cmdide - ok
15:40:25.0326 5668  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:40:25.0326 5668  CNG - ok
15:40:25.0342 5668  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:40:25.0342 5668  Compbatt - ok
15:40:25.0357 5668  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:40:25.0357 5668  CompositeBus - ok
15:40:25.0373 5668  COMSysApp - ok
15:40:25.0388 5668  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:40:25.0388 5668  crcdisk - ok
15:40:25.0451 5668  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:40:25.0451 5668  CryptSvc - ok
15:40:25.0529 5668  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:40:25.0529 5668  CSC - ok
15:40:25.0607 5668  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:40:25.0607 5668  CscService - ok
15:40:25.0685 5668  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:40:25.0685 5668  DcomLaunch - ok
15:40:25.0716 5668  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:40:25.0716 5668  defragsvc - ok
15:40:25.0778 5668  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:40:25.0778 5668  DfsC - ok
15:40:25.0856 5668  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:40:25.0856 5668  Dhcp - ok
15:40:25.0872 5668  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:40:25.0872 5668  discache - ok
15:40:25.0872 5668  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:40:25.0872 5668  Disk - ok
15:40:25.0934 5668  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:40:25.0934 5668  Dnscache - ok
15:40:25.0997 5668  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:40:26.0012 5668  dot3svc - ok
15:40:26.0075 5668  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:40:26.0075 5668  DPS - ok
15:40:26.0106 5668  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:40:26.0106 5668  drmkaud - ok
15:40:26.0168 5668  [ D52EEB224DF107AAD9059597F0EB95CC ] DslMNLwf        C:\Windows\system32\DRIVERS\dslmnlwf.sys
15:40:26.0168 5668  DslMNLwf - ok
15:40:26.0200 5668  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:40:26.0200 5668  DXGKrnl - ok
15:40:26.0215 5668  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:40:26.0231 5668  EapHost - ok
15:40:26.0293 5668  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:40:26.0309 5668  ebdrv - ok
15:40:26.0371 5668  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:40:26.0371 5668  EFS - ok
15:40:26.0418 5668  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:40:26.0434 5668  ehRecvr - ok
15:40:26.0449 5668  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:40:26.0449 5668  ehSched - ok
15:40:26.0480 5668  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:40:26.0480 5668  elxstor - ok
15:40:26.0543 5668  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:40:26.0543 5668  ErrDev - ok
15:40:26.0605 5668  [ 84486624268E078255BC7AA47F0960BC ] etdrv           C:\Windows\etdrv.sys
15:40:26.0605 5668  etdrv - ok
15:40:26.0621 5668  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:40:26.0636 5668  EventSystem - ok
15:40:26.0636 5668  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:40:26.0652 5668  exfat - ok
15:40:26.0668 5668  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:40:26.0668 5668  fastfat - ok
15:40:26.0730 5668  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:40:26.0746 5668  Fax - ok
15:40:26.0761 5668  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:40:26.0761 5668  fdc - ok
15:40:26.0777 5668  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:40:26.0777 5668  fdPHost - ok
15:40:26.0792 5668  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:40:26.0792 5668  FDResPub - ok
15:40:26.0792 5668  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:40:26.0808 5668  FileInfo - ok
15:40:26.0808 5668  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:40:26.0808 5668  Filetrace - ok
15:40:26.0824 5668  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:40:26.0824 5668  flpydisk - ok
15:40:26.0886 5668  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:40:26.0886 5668  FltMgr - ok
15:40:26.0964 5668  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:40:26.0980 5668  FontCache - ok
15:40:27.0089 5668  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:27.0089 5668  FontCache3.0.0.0 - ok
15:40:27.0120 5668  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:40:27.0120 5668  FsDepends - ok
15:40:27.0167 5668  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:40:27.0167 5668  Fs_Rec - ok
15:40:27.0229 5668  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:40:27.0245 5668  fvevol - ok
15:40:27.0245 5668  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:40:27.0245 5668  gagp30kx - ok
15:40:27.0307 5668  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
15:40:27.0307 5668  gdrv - ok
15:40:27.0385 5668  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:40:27.0385 5668  gpsvc - ok
15:40:27.0494 5668  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:40:27.0510 5668  gupdate - ok
15:40:27.0510 5668  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:40:27.0510 5668  gupdatem - ok
15:40:27.0572 5668  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
15:40:27.0572 5668  GVTDrv64 - ok
15:40:27.0588 5668  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:40:27.0588 5668  hcw85cir - ok
15:40:27.0666 5668  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:40:27.0666 5668  HdAudAddService - ok
15:40:27.0744 5668  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:40:27.0744 5668  HDAudBus - ok
15:40:27.0760 5668  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:40:27.0760 5668  HidBatt - ok
15:40:27.0775 5668  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:40:27.0775 5668  HidBth - ok
15:40:27.0791 5668  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:40:27.0806 5668  HidIr - ok
15:40:27.0838 5668  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:40:27.0838 5668  hidserv - ok
15:40:27.0900 5668  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:40:27.0900 5668  HidUsb - ok
15:40:27.0962 5668  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:40:27.0962 5668  hkmsvc - ok
15:40:28.0025 5668  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:40:28.0025 5668  HomeGroupListener - ok
15:40:28.0056 5668  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:40:28.0072 5668  HomeGroupProvider - ok
15:40:28.0103 5668  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:40:28.0103 5668  HpSAMD - ok
15:40:28.0181 5668  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:40:28.0181 5668  HTTP - ok
15:40:28.0243 5668  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:40:28.0243 5668  hwpolicy - ok
15:40:28.0306 5668  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:40:28.0306 5668  i8042prt - ok
15:40:28.0368 5668  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:40:28.0368 5668  iaStorV - ok
15:40:28.0430 5668  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:40:28.0430 5668  IDriverT - ok
15:40:28.0477 5668  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:28.0493 5668  idsvc - ok
15:40:28.0508 5668  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:40:28.0524 5668  iirsp - ok
15:40:28.0602 5668  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:40:28.0602 5668  IKEEXT - ok
15:40:28.0758 5668  [ A4A57A57020849117EF7B1D905F2A16A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:40:28.0774 5668  IntcAzAudAddService - ok
15:40:28.0774 5668  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:40:28.0774 5668  intelide - ok
15:40:28.0789 5668  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:40:28.0789 5668  intelppm - ok
15:40:28.0805 5668  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:40:28.0805 5668  IPBusEnum - ok
15:40:28.0852 5668  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:28.0852 5668  IpFilterDriver - ok
15:40:28.0914 5668  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:40:28.0914 5668  iphlpsvc - ok
15:40:28.0976 5668  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:40:28.0976 5668  IPMIDRV - ok
15:40:28.0992 5668  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:40:28.0992 5668  IPNAT - ok
15:40:28.0992 5668  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:40:28.0992 5668  IRENUM - ok
15:40:29.0054 5668  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:40:29.0054 5668  isapnp - ok
15:40:29.0117 5668  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:40:29.0117 5668  iScsiPrt - ok
15:40:29.0132 5668  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:29.0132 5668  kbdclass - ok
15:40:29.0210 5668  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:29.0210 5668  kbdhid - ok
15:40:29.0210 5668  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:40:29.0226 5668  KeyIso - ok
15:40:29.0273 5668  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:40:29.0288 5668  KSecDD - ok
15:40:29.0335 5668  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:40:29.0335 5668  KSecPkg - ok
15:40:29.0351 5668  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:40:29.0351 5668  ksthunk - ok
15:40:29.0366 5668  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:40:29.0382 5668  KtmRm - ok
15:40:29.0444 5668  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:40:29.0444 5668  LanmanServer - ok
15:40:29.0507 5668  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:40:29.0507 5668  LanmanWorkstation - ok
15:40:29.0694 5668  [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:40:29.0694 5668  LBTServ - ok
15:40:29.0756 5668  [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:40:29.0756 5668  LHidFilt - ok
15:40:29.0788 5668  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:40:29.0788 5668  lltdio - ok
15:40:29.0803 5668  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:40:29.0803 5668  lltdsvc - ok
15:40:29.0834 5668  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:40:29.0834 5668  lmhosts - ok
15:40:29.0850 5668  [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:40:29.0850 5668  LMouFilt - ok
15:40:29.0881 5668  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:40:29.0881 5668  LSI_FC - ok
15:40:29.0897 5668  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:40:29.0897 5668  LSI_SAS - ok
15:40:29.0912 5668  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:40:29.0912 5668  LSI_SAS2 - ok
15:40:29.0928 5668  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:40:29.0928 5668  LSI_SCSI - ok
15:40:29.0944 5668  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:40:29.0944 5668  luafv - ok
15:40:30.0006 5668  [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
15:40:30.0006 5668  LUsbFilt - ok
15:40:30.0037 5668  [ EF586B959F747E74C76603FF16AE417B ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
15:40:30.0037 5668  LVRS64 - ok
15:40:30.0178 5668  [ EDF73BFA1BD24D74D1D64DC0ED28A7CD ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
15:40:30.0193 5668  LVUVC64 - ok
15:40:30.0256 5668  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:40:30.0271 5668  Mcx2Svc - ok
15:40:30.0334 5668  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:40:30.0334 5668  MDM - ok
15:40:30.0349 5668  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:40:30.0349 5668  megasas - ok
15:40:30.0380 5668  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:40:30.0380 5668  MegaSR - ok
15:40:30.0396 5668  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:40:30.0396 5668  MMCSS - ok
15:40:30.0412 5668  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:40:30.0412 5668  Modem - ok
15:40:30.0427 5668  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:40:30.0443 5668  monitor - ok
15:40:30.0458 5668  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:40:30.0458 5668  mouclass - ok
15:40:30.0474 5668  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:40:30.0474 5668  mouhid - ok
15:40:30.0536 5668  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:40:30.0536 5668  mountmgr - ok
15:40:30.0599 5668  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:40:30.0599 5668  mpio - ok
15:40:30.0599 5668  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:40:30.0599 5668  mpsdrv - ok
15:40:30.0677 5668  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:40:30.0692 5668  MpsSvc - ok
15:40:30.0739 5668  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:40:30.0739 5668  MRxDAV - ok
15:40:30.0802 5668  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:30.0802 5668  mrxsmb - ok
15:40:30.0864 5668  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:30.0864 5668  mrxsmb10 - ok
15:40:30.0942 5668  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:30.0942 5668  mrxsmb20 - ok
15:40:30.0942 5668  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:40:30.0958 5668  msahci - ok
15:40:31.0004 5668  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:40:31.0004 5668  msdsm - ok
15:40:31.0020 5668  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:40:31.0020 5668  MSDTC - ok
15:40:31.0051 5668  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:40:31.0051 5668  Msfs - ok
15:40:31.0067 5668  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:40:31.0067 5668  mshidkmdf - ok
15:40:31.0114 5668  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:40:31.0114 5668  msisadrv - ok
15:40:31.0160 5668  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:40:31.0160 5668  MSiSCSI - ok
15:40:31.0160 5668  msiserver - ok
15:40:31.0192 5668  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:40:31.0192 5668  MSKSSRV - ok
15:40:31.0223 5668  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:31.0223 5668  MSPCLOCK - ok
15:40:31.0223 5668  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:40:31.0223 5668  MSPQM - ok
15:40:31.0301 5668  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:40:31.0301 5668  MsRPC - ok
15:40:31.0348 5668  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:40:31.0348 5668  mssmbios - ok
15:40:31.0363 5668  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:40:31.0363 5668  MSTEE - ok
15:40:31.0379 5668  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:40:31.0379 5668  MTConfig - ok
15:40:31.0394 5668  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:40:31.0394 5668  Mup - ok
15:40:31.0644 5668  [ 21EEF976D53A0BCB603ABFF4AB6E4C88 ] MySQL           C:\xamppDaten\xampp\mysql\bin\mysqld.exe
15:40:31.0660 5668  MySQL - ok
15:40:31.0722 5668  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:40:31.0738 5668  napagent - ok
15:40:31.0753 5668  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:40:31.0769 5668  NativeWifiP - ok
15:40:31.0831 5668  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:40:31.0847 5668  NDIS - ok
15:40:31.0847 5668  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:31.0847 5668  NdisCap - ok
15:40:31.0862 5668  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:31.0862 5668  NdisTapi - ok
15:40:31.0909 5668  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:31.0909 5668  Ndisuio - ok
15:40:31.0972 5668  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:31.0972 5668  NdisWan - ok
15:40:32.0034 5668  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:40:32.0034 5668  NDProxy - ok
15:40:32.0050 5668  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:40:32.0050 5668  NetBIOS - ok
15:40:32.0112 5668  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:40:32.0128 5668  NetBT - ok
15:40:32.0143 5668  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:40:32.0143 5668  Netlogon - ok
15:40:32.0174 5668  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:40:32.0174 5668  Netman - ok
15:40:32.0237 5668  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:32.0237 5668  NetMsmqActivator - ok
15:40:32.0252 5668  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:32.0252 5668  NetPipeActivator - ok
15:40:32.0284 5668  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:40:32.0284 5668  netprofm - ok
15:40:32.0284 5668  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:32.0284 5668  NetTcpActivator - ok
15:40:32.0299 5668  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:32.0299 5668  NetTcpPortSharing - ok
15:40:32.0315 5668  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:40:32.0315 5668  nfrd960 - ok
15:40:32.0330 5668  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:40:32.0330 5668  NlaSvc - ok
15:40:32.0346 5668  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:40:32.0346 5668  Npfs - ok
15:40:32.0362 5668  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:40:32.0362 5668  nsi - ok
15:40:32.0377 5668  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:40:32.0377 5668  nsiproxy - ok
15:40:32.0455 5668  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:40:32.0471 5668  Ntfs - ok
15:40:32.0486 5668  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:40:32.0486 5668  Null - ok
15:40:32.0549 5668  [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:40:32.0549 5668  nusb3hub - ok
15:40:32.0611 5668  [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:40:32.0611 5668  nusb3xhc - ok
15:40:32.0674 5668  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:40:32.0689 5668  nvraid - ok
15:40:32.0689 5668  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:40:32.0705 5668  nvstor - ok
15:40:32.0752 5668  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:40:32.0752 5668  nv_agp - ok
15:40:32.0814 5668  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:40:32.0814 5668  ohci1394 - ok
15:40:32.0876 5668  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:40:32.0876 5668  ose - ok
15:40:32.0908 5668  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:40:32.0923 5668  p2pimsvc - ok
15:40:32.0939 5668  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:40:32.0939 5668  p2psvc - ok
15:40:32.0954 5668  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:40:32.0954 5668  Parport - ok
15:40:33.0017 5668  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:40:33.0017 5668  partmgr - ok
15:40:33.0032 5668  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:40:33.0048 5668  PcaSvc - ok
15:40:33.0095 5668  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:40:33.0110 5668  pci - ok
15:40:33.0110 5668  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:40:33.0110 5668  pciide - ok
15:40:33.0126 5668  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:40:33.0126 5668  pcmcia - ok
15:40:33.0142 5668  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:40:33.0142 5668  pcw - ok
15:40:33.0173 5668  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:40:33.0173 5668  PEAUTH - ok
15:40:33.0235 5668  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:40:33.0235 5668  PeerDistSvc - ok
15:40:33.0329 5668  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:40:33.0329 5668  PerfHost - ok
15:40:33.0407 5668  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:40:33.0422 5668  pla - ok
15:40:33.0500 5668  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:40:33.0500 5668  PlugPlay - ok
15:40:33.0500 5668  PnkBstrA - ok
15:40:33.0516 5668  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:40:33.0516 5668  PNRPAutoReg - ok
15:40:33.0532 5668  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:40:33.0547 5668  PNRPsvc - ok
15:40:33.0610 5668  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:40:33.0625 5668  PolicyAgent - ok
15:40:33.0641 5668  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:40:33.0656 5668  Power - ok
15:40:33.0703 5668  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:40:33.0703 5668  PptpMiniport - ok
15:40:33.0734 5668  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:40:33.0734 5668  Processor - ok
15:40:33.0797 5668  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:40:33.0812 5668  ProfSvc - ok
15:40:33.0812 5668  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:40:33.0812 5668  ProtectedStorage - ok
15:40:33.0890 5668  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:40:33.0890 5668  Psched - ok
15:40:33.0953 5668  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:40:33.0968 5668  PSI_SVC_2 - ok
15:40:34.0000 5668  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:40:34.0015 5668  ql2300 - ok
15:40:34.0031 5668  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:40:34.0031 5668  ql40xx - ok
15:40:34.0046 5668  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:40:34.0046 5668  QWAVE - ok
15:40:34.0062 5668  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:40:34.0062 5668  QWAVEdrv - ok
15:40:34.0187 5668  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
15:40:34.0187 5668  RapiMgr - ok
15:40:34.0202 5668  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:40:34.0202 5668  RasAcd - ok
15:40:34.0218 5668  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:34.0234 5668  RasAgileVpn - ok
15:40:34.0234 5668  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:40:34.0249 5668  RasAuto - ok
15:40:34.0312 5668  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:34.0312 5668  Rasl2tp - ok
15:40:34.0374 5668  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:40:34.0374 5668  RasMan - ok
15:40:34.0390 5668  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:34.0390 5668  RasPppoe - ok
15:40:34.0405 5668  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:40:34.0421 5668  RasSstp - ok
15:40:34.0468 5668  [ 81DDBF4FE998EF1F4BA230F7E8D8C67E ] Razerlow        C:\Windows\system32\drivers\DB3G.sys
15:40:34.0468 5668  Razerlow - ok
15:40:34.0530 5668  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:40:34.0530 5668  rdbss - ok
15:40:34.0546 5668  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:34.0561 5668  rdpbus - ok
15:40:34.0561 5668  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:34.0577 5668  RDPCDD - ok
15:40:34.0639 5668  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:40:34.0639 5668  RDPDR - ok
15:40:34.0639 5668  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:40:34.0639 5668  RDPENCDD - ok
15:40:34.0639 5668  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:40:34.0655 5668  RDPREFMP - ok
15:40:34.0702 5668  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:40:34.0702 5668  RDPWD - ok
15:40:34.0764 5668  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:40:34.0764 5668  rdyboost - ok
15:40:34.0795 5668  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:40:34.0795 5668  RemoteAccess - ok
15:40:34.0811 5668  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:40:34.0826 5668  RemoteRegistry - ok
15:40:34.0936 5668  [ A10B40CF9EB57D24E44717A2D38A00F4 ] RivaTuner64     C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
15:40:34.0936 5668  RivaTuner64 - ok
15:40:34.0951 5668  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:40:34.0951 5668  RpcEptMapper - ok
15:40:34.0967 5668  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:40:34.0967 5668  RpcLocator - ok
15:40:35.0029 5668  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:40:35.0045 5668  RpcSs - ok
15:40:35.0045 5668  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:40:35.0045 5668  rspndr - ok
15:40:35.0107 5668  [ C20F64FCD5E2B40310A1774495877ACD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
15:40:35.0107 5668  RTHDMIAzAudService - ok
15:40:35.0185 5668  [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:40:35.0185 5668  RTL8167 - ok
15:40:35.0248 5668  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:40:35.0248 5668  s3cap - ok
15:40:35.0263 5668  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:40:35.0263 5668  SamSs - ok
15:40:35.0326 5668  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:40:35.0326 5668  sbp2port - ok
15:40:35.0326 5668  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:40:35.0341 5668  SCardSvr - ok
15:40:35.0372 5668  [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
15:40:35.0372 5668  SCDEmu - ok
15:40:35.0435 5668  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:40:35.0435 5668  scfilter - ok
15:40:35.0497 5668  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:40:35.0513 5668  Schedule - ok
15:40:35.0591 5668  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:40:35.0591 5668  SCPolicySvc - ok
15:40:35.0638 5668  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:40:35.0653 5668  SDRSVC - ok
15:40:35.0653 5668  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:40:35.0653 5668  secdrv - ok
15:40:35.0731 5668  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:40:35.0731 5668  seclogon - ok
15:40:35.0747 5668  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:40:35.0747 5668  SENS - ok
15:40:35.0778 5668  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:40:35.0778 5668  SensrSvc - ok
15:40:35.0794 5668  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:40:35.0794 5668  Serenum - ok
15:40:35.0809 5668  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:40:35.0809 5668  Serial - ok
15:40:35.0856 5668  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:40:35.0856 5668  sermouse - ok
15:40:35.0934 5668  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:40:35.0934 5668  SessionEnv - ok
15:40:35.0996 5668  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:40:35.0996 5668  sffdisk - ok
15:40:36.0012 5668  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:40:36.0012 5668  sffp_mmc - ok
15:40:36.0028 5668  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:40:36.0028 5668  sffp_sd - ok
15:40:36.0043 5668  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:40:36.0043 5668  sfloppy - ok
15:40:36.0074 5668  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:40:36.0090 5668  SharedAccess - ok
15:40:36.0152 5668  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:40:36.0152 5668  ShellHWDetection - ok
15:40:36.0168 5668  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:40:36.0168 5668  SiSRaid2 - ok
15:40:36.0184 5668  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:40:36.0184 5668  SiSRaid4 - ok
15:40:36.0199 5668  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:40:36.0199 5668  Smb - ok
15:40:36.0215 5668  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:40:36.0215 5668  SNMPTRAP - ok
15:40:36.0277 5668  [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan        C:\Windows\syswow64\speedfan.sys
15:40:36.0277 5668  speedfan - ok
15:40:36.0308 5668  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:40:36.0308 5668  spldr - ok
15:40:36.0371 5668  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:40:36.0386 5668  Spooler - ok
15:40:36.0511 5668  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:40:36.0527 5668  sppsvc - ok
15:40:36.0542 5668  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:40:36.0542 5668  sppuinotify - ok
15:40:36.0574 5668  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
15:40:36.0574 5668  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:40:36.0574 5668  sptd ( LockedFile.Multi.Generic ) - warning
15:40:36.0574 5668  sptd - detected LockedFile.Multi.Generic (1)
15:40:36.0636 5668  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:40:36.0652 5668  srv - ok
15:40:36.0714 5668  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:40:36.0714 5668  srv2 - ok
15:40:36.0745 5668  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:40:36.0745 5668  srvnet - ok
15:40:36.0761 5668  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:40:36.0776 5668  SSDPSRV - ok
15:40:36.0792 5668  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:40:36.0792 5668  SstpSvc - ok
15:40:36.0823 5668  Steam Client Service - ok
15:40:36.0870 5668  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:40:36.0870 5668  stexstor - ok
15:40:36.0932 5668  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:40:36.0932 5668  stisvc - ok
15:40:36.0995 5668  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:40:36.0995 5668  storflt - ok
15:40:37.0026 5668  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:40:37.0026 5668  StorSvc - ok
15:40:37.0088 5668  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:40:37.0088 5668  storvsc - ok
15:40:37.0166 5668  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:40:37.0166 5668  swenum - ok
15:40:37.0182 5668  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:40:37.0198 5668  swprv - ok
15:40:37.0276 5668  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:40:37.0307 5668  SysMain - ok
15:40:37.0354 5668  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:40:37.0369 5668  TabletInputService - ok
15:40:37.0432 5668  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:40:37.0432 5668  TapiSrv - ok
15:40:37.0447 5668  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:40:37.0447 5668  TBS - ok
15:40:37.0541 5668  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:40:37.0556 5668  Tcpip - ok
15:40:37.0619 5668  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:40:37.0634 5668  TCPIP6 - ok
15:40:37.0681 5668  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:40:37.0681 5668  tcpipreg - ok
15:40:37.0697 5668  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:40:37.0697 5668  TDPIPE - ok
15:40:37.0775 5668  [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService  C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
15:40:37.0775 5668  TDslMgrService - ok
15:40:37.0837 5668  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:40:37.0837 5668  TDTCP - ok
15:40:37.0900 5668  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:40:37.0900 5668  tdx - ok
15:40:37.0915 5668  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:40:37.0915 5668  TermDD - ok
15:40:37.0993 5668  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:40:37.0993 5668  TermService - ok
15:40:38.0009 5668  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:40:38.0024 5668  Themes - ok
15:40:38.0040 5668  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:40:38.0040 5668  THREADORDER - ok
15:40:38.0056 5668  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:40:38.0071 5668  TrkWks - ok
15:40:38.0134 5668  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
15:40:38.0134 5668  truecrypt - ok
15:40:38.0227 5668  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:40:38.0227 5668  TrustedInstaller - ok
15:40:38.0290 5668  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:38.0290 5668  tssecsrv - ok
15:40:38.0352 5668  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:40:38.0352 5668  TsUsbFlt - ok
15:40:38.0414 5668  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:40:38.0414 5668  tunnel - ok
15:40:38.0430 5668  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:40:38.0430 5668  uagp35 - ok
15:40:38.0492 5668  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:40:38.0492 5668  udfs - ok
15:40:38.0524 5668  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:40:38.0524 5668  UI0Detect - ok
15:40:38.0539 5668  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:40:38.0539 5668  uliagpkx - ok
15:40:38.0602 5668  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:40:38.0602 5668  umbus - ok
15:40:38.0617 5668  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:40:38.0617 5668  UmPass - ok
15:40:38.0633 5668  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:40:38.0648 5668  UmRdpService - ok
15:40:38.0711 5668  [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:40:38.0726 5668  UMVPFSrv - ok
15:40:38.0742 5668  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:40:38.0742 5668  upnphost - ok
15:40:38.0758 5668  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:40:38.0758 5668  usbaudio - ok
15:40:38.0820 5668  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:38.0820 5668  usbccgp - ok
15:40:38.0882 5668  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:40:38.0882 5668  usbcir - ok
15:40:38.0945 5668  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:40:38.0945 5668  usbehci - ok
15:40:38.0992 5668  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:40:39.0007 5668  usbhub - ok
15:40:39.0038 5668  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:40:39.0038 5668  usbohci - ok
15:40:39.0054 5668  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:40:39.0054 5668  usbprint - ok
15:40:39.0070 5668  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:40:39.0070 5668  USBSTOR - ok
15:40:39.0132 5668  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:40:39.0132 5668  usbuhci - ok
15:40:39.0179 5668  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
15:40:39.0179 5668  usb_rndisx - ok
15:40:39.0194 5668  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:40:39.0194 5668  UxSms - ok
15:40:39.0210 5668  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:40:39.0226 5668  VaultSvc - ok
15:40:39.0288 5668  [ 6922612DCD53E825CDEB59227E2FB8E4 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
15:40:39.0288 5668  VBoxDrv - ok
15:40:39.0335 5668  [ 560BA2FB23485907C9D46AA4AFF6888A ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
15:40:39.0335 5668  VBoxUSB - ok
15:40:39.0382 5668  [ 955C497F1DFDBC2808F2700145EA918C ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
15:40:39.0382 5668  VBoxUSBMon - ok
15:40:39.0413 5668  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:40:39.0413 5668  vdrvroot - ok
15:40:39.0444 5668  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:40:39.0460 5668  vds - ok
15:40:39.0491 5668  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:40:39.0491 5668  vga - ok
15:40:39.0506 5668  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:40:39.0506 5668  VgaSave - ok
15:40:39.0538 5668  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:40:39.0538 5668  vhdmp - ok
15:40:39.0569 5668  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:40:39.0569 5668  viaide - ok
15:40:39.0600 5668  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:40:39.0600 5668  vmbus - ok
15:40:39.0616 5668  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:40:39.0616 5668  VMBusHID - ok
15:40:39.0631 5668  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:40:39.0631 5668  volmgr - ok
15:40:39.0694 5668  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:40:39.0694 5668  volmgrx - ok
15:40:39.0709 5668  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:40:39.0709 5668  volsnap - ok
15:40:39.0787 5668  [ 4F4125C8E7FB75FED141316E0DFEBE4F ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:40:39.0787 5668  vpnagent - ok
15:40:39.0818 5668  [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
15:40:39.0818 5668  vpnva - ok
15:40:39.0834 5668  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:40:39.0834 5668  vsmraid - ok
15:40:39.0881 5668  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:40:39.0896 5668  VSS - ok
15:40:39.0912 5668  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:40:39.0912 5668  vwifibus - ok
15:40:39.0943 5668  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:40:39.0943 5668  W32Time - ok
15:40:39.0990 5668  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
15:40:39.0990 5668  W3SVC - ok
15:40:40.0006 5668  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:40:40.0006 5668  WacomPen - ok
15:40:40.0021 5668  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:40:40.0021 5668  WANARP - ok
15:40:40.0021 5668  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:40:40.0021 5668  Wanarpv6 - ok
15:40:40.0037 5668  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
15:40:40.0037 5668  WAS - ok
15:40:40.0068 5668  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:40:40.0068 5668  wbengine - ok
15:40:40.0084 5668  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:40:40.0099 5668  WbioSrvc - ok
15:40:40.0115 5668  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:40:40.0115 5668  WcesComm - ok
15:40:40.0177 5668  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:40:40.0193 5668  wcncsvc - ok
15:40:40.0208 5668  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:40:40.0208 5668  WcsPlugInService - ok
15:40:40.0208 5668  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:40:40.0208 5668  Wd - ok
15:40:40.0286 5668  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:40:40.0286 5668  Wdf01000 - ok
15:40:40.0318 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:40:40.0318 5668  WdiServiceHost - ok
15:40:40.0318 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:40:40.0318 5668  WdiSystemHost - ok
15:40:40.0333 5668  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:40:40.0333 5668  WebClient - ok
15:40:40.0349 5668  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:40:40.0349 5668  Wecsvc - ok
15:40:40.0364 5668  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:40:40.0364 5668  wercplsupport - ok
15:40:40.0380 5668  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:40:40.0380 5668  WerSvc - ok
15:40:40.0396 5668  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:40:40.0396 5668  WfpLwf - ok
15:40:40.0411 5668  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:40:40.0411 5668  WIMMount - ok
15:40:40.0411 5668  WinDefend - ok
15:40:40.0427 5668  WinHttpAutoProxySvc - ok
15:40:40.0474 5668  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:40:40.0474 5668  Winmgmt - ok
15:40:40.0520 5668  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:40:40.0536 5668  WinRM - ok
15:40:40.0583 5668  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:40:40.0583 5668  WinUsb - ok
15:40:40.0630 5668  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:40:40.0645 5668  Wlansvc - ok
15:40:40.0770 5668  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:40:40.0786 5668  wlidsvc - ok
15:40:40.0817 5668  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:40:40.0817 5668  WmiAcpi - ok
15:40:40.0832 5668  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:40:40.0832 5668  wmiApSrv - ok
15:40:40.0848 5668  WMPNetworkSvc - ok
15:40:40.0848 5668  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:40:40.0848 5668  WPCSvc - ok
15:40:40.0926 5668  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:40:40.0926 5668  WPDBusEnum - ok
15:40:40.0942 5668  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:40:40.0942 5668  ws2ifsl - ok
15:40:40.0957 5668  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:40:40.0957 5668  wscsvc - ok
15:40:40.0957 5668  WSearch - ok
15:40:41.0066 5668  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:40:41.0098 5668  wuauserv - ok
15:40:41.0144 5668  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:40:41.0160 5668  WudfPf - ok
15:40:41.0176 5668  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:40:41.0176 5668  WUDFRd - ok
15:40:41.0238 5668  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:40:41.0254 5668  wudfsvc - ok
15:40:41.0269 5668  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:40:41.0269 5668  WwanSvc - ok
15:40:41.0285 5668  ================ Scan global ===============================
15:40:41.0316 5668  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:40:41.0363 5668  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:40:41.0378 5668  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:40:41.0394 5668  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:40:41.0425 5668  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:40:41.0425 5668  [Global] - ok
15:40:41.0425 5668  ================ Scan MBR ==================================
15:40:41.0425 5668  [ A3095E5B8060D0D6B97E87EC1BB50C3C ] \Device\Harddisk0\DR0
15:40:41.0519 5668  \Device\Harddisk0\DR0 - ok
15:40:41.0519 5668  [ BB51795341398A02FBB2FAB12C9A32E1 ] \Device\Harddisk1\DR1
15:40:41.0566 5668  \Device\Harddisk1\DR1 - ok
15:40:41.0566 5668  ================ Scan VBR ==================================
15:40:41.0566 5668  [ 0BD4D2F48AB403B4B7C748D7AE8CA845 ] \Device\Harddisk0\DR0\Partition1
15:40:41.0566 5668  \Device\Harddisk0\DR0\Partition1 - ok
15:40:41.0581 5668  [ 8C22E1A68D07F4139D4DE3E73E63A73D ] \Device\Harddisk0\DR0\Partition2
15:40:41.0581 5668  \Device\Harddisk0\DR0\Partition2 - ok
15:40:41.0581 5668  ============================================================
15:40:41.0581 5668  Scan finished
15:40:41.0581 5668  ============================================================
15:40:41.0597 4392  Detected object count: 1
15:40:41.0597 4392  Actual detected object count: 1
15:40:56.0666 4392  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
15:40:56.0666 4392  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
15:41:21.0455 4640  Deinitialize success
         
Was nun?

Geändert von zellerli (25.11.2012 um 16:08 Uhr)

Alt 26.11.2012, 03:21   #10
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.11.2012, 10:49   #11
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Das habe ich alles gemacht. Mich hat aber
Zitat:
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
verwirrt.

Bei dem als Admin ausgeführten Programm vor dessen Start ich Firewall, Antivir und sonstige Programme deaktiviert habe, kam folgendes raus:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c47cdbb21fb6449ad26f274b7de5414
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-26 09:40:17
# local_time=2012-11-26 10:40:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 650885 90463273 406787 0
# compatibility_mode=5893 16776573 100 94 48927 105552667 0 0
# compatibility_mode=8192 67108863 100 0 3635 3635 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
         

Alt 27.11.2012, 11:12   #12
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Sorry für den Doppelpost. Bin ich schon clean?

Alt 27.11.2012, 12:11   #13
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.11.2012, 15:27   #14
zellerli
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Ich habe die neueste Version gemäß deiner Anleitung installiert.
Danach habe ich in meiner Softwareliste einmal die neueste Java-Version gefunden und ein anderen Java-Eintrag (glaube irgendwas mit FX), der schon 4 Monate alt war. Den hab ich deinstalliert und neu gestartet.

Bei Software in den Systemsteuerungen geht das Java-Symbol (hinter dem übrigens 32 Bit steht) nicht. Es kommt ein Fehler (siehe Anhang).
Hat das was mit dem Deinstallieren des FX-Eintrags zu tun?

Ich habe danach nochmal Java installiert (dachte mir, wenn es daran hängt, müsste es ja mitinstalliert werden), aber es geht immernoch nicht.
Angehängte Grafiken
Dateityp: png Screenshot_Java.png (97,4 KB, 124x aufgerufen)

Alt 29.11.2012, 05:10   #15
t'john
/// Helfer-Team
 
Ukash Bundespolizei Infektion - Logs anbei - Standard

Ukash Bundespolizei Infektion - Logs anbei



Du kannst versuchen alles von Java mit JavaRa Download - JavaRa 2.0 zu entfernen.


Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Ukash Bundespolizei Infektion - Logs anbei
7-zip, adobe reader xi, antivir, autorun, avira, bho, computer, error, excel, fehler, flash player, helper, iexplore.exe, install.exe, jdownloader, league of legends, logfile, object, pando media booster, plug-in, poweriso, realtek, registry, rundll, scan, security, server, software, spotify web helper, storm, svchost.exe, teamspeak, trojaner, usb 3.0, virtualbox, visual studio, wgsdgsdgdsgsd.exe, windows




Ähnliche Themen: Ukash Bundespolizei Infektion - Logs anbei


  1. Bundespolizei-Trojaner. Win xp 32. OTL-Logs
    Log-Analyse und Auswertung - 08.02.2014 (6)
  2. Tagelang ohne Firewall - Logs anbei
    Log-Analyse und Auswertung - 04.09.2013 (11)
  3. Computerverhalten; verdacht auf ZBot (Logs anbei)
    Log-Analyse und Auswertung - 13.12.2012 (25)
  4. Bundespolizeitrojaner entdeckt - Logs anbei
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (6)
  5. "Live Security Platinum" vollständig entfernt? Logs anbei.
    Log-Analyse und Auswertung - 03.08.2012 (33)
  6. erbitte Hilfe: Bundespolizei Trojaner -0.9930813233754422.exe (Exploit.Drop.UR.2)-LOGFILES anbei
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (7)
  7. Infektion von XP-Rechner Ende Juli 2012, mit neuem GVU-Bundespolizei Ukash & Paysafe & Webcam
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (1)
  8. Laptop (Vista) versendet Spam - Logs anbei
    Log-Analyse und Auswertung - 29.07.2012 (12)
  9. Bundespolizei-Trojaner, OTL-Logs angehängt
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (5)
  10. http://searchqu.com/410 als Startseite – gut oder bösartig? Logs anbei.
    Log-Analyse und Auswertung - 15.07.2012 (11)
  11. Virus Bundespolizei eingefangen, OTL und Malware Scan anbei
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (2)
  12. ANTIVIR meldet tr/sirefef.gc.1 und ATRAPS Gen2 - Was kann ich tun? Anbei Logs
    Log-Analyse und Auswertung - 13.06.2012 (1)
  13. Analyse der OTL-Logs. Befürchtung einer Infektion.
    Log-Analyse und Auswertung - 22.01.2012 (39)
  14. Bundespolizei/ukash-Trojaner entfernt, mag jemand die Logs prüfen?
    Log-Analyse und Auswertung - 05.09.2011 (23)
  15. Trojaner Katusha kann nicht gelöscht werden: Logs der Entfernungsversuche sind anbei
    Plagegeister aller Art und deren Bekämpfung - 14.06.2011 (14)
  16. Alle Programme starten sehr langsam - Logs anbei
    Log-Analyse und Auswertung - 19.12.2010 (6)
  17. verdacht auf infektion, office fehler +logs
    Log-Analyse und Auswertung - 14.11.2008 (9)

Zum Thema Ukash Bundespolizei Infektion - Logs anbei - Hallo, seit gestern habe ich besagten Trojaner (Computer gesperrt, 100€ zahlen). Meine bisherige Recherche hat ergeben, dass ich wohl OTL-Logs posten muss und dann Anweisungen abwarten sollte. Ich danke schon - Ukash Bundespolizei Infektion - Logs anbei...
Archiv
Du betrachtest: Ukash Bundespolizei Infektion - Logs anbei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.