Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU mit CAM auf Kinox.to

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.12.2012, 17:11   #1
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Hi,

war am surfen als plötzlich sich ne Seite öffnete mit "Ihr Computer ist gesperrt", Strafverfolgungen nach mehreren Paragraphen und einem Countdown für nen "Paysafekonto" von 100 € einschließlich meiner aktitvierten Cam und IP-Adresse, sowie Standort etc. laut GVU.

Da ich kein Plan von PC`s hab, dachte ich mir machste mal per Taskmanager das Ding weg, und gut ist. War natürlich nicht der Fall.

Nach ner misslungenden Systemwiederherstellung und aktiven Internetverbindung kam die Seite von alleine wieder und das gleiche war der Fall.

Hab das mal gegoogelt, wobei mir laut den gegoogelten Bildern schon klar war, dass nicht meiner dabei ist. Anscheind nen sehr neuer.

Bin als erstes nach

hxxp://www.chip.de/news/Bundespolizei-Virus-entfernen-PC-entsperren_50761972.html

vorgegangen und nach dem scan des gebooteten Sticks wars immer noch nicht behoben.


Hab dann mal weiter gegoogelt und bin auf

hxxp://www.evild3ad.com/1875/reveton-c-gvu-trojaner-mit-webcam-entfernen-win7/

gestoßen. Bin so vorgegangen, hab die Dateien gelöscht und sieh an, der Mozilla firefox funktioniert wieder.

Nen Kollege hat mir empfolen, das alles hier nochmal zu beschreiben nur um auf Nr. sicher zu gehen.

Danke schonmal.

Alt 20.12.2012, 17:17   #2
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Hi
wann lernt ihrs denn endlich, kinox.to und konsorten bieten illegalen Inhalt an, das tun die nicht, weil sie euch mögen, die wollen Geld verdienen, und, wenn man schon illegalen Inhalt anbietet, kann man ja auch gleich mit Autoren von Malware zusammenarbeiten um den Gewinn zu mehren...
also, Finger weg von solchen Schrottseiten.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 20.12.2012, 19:51   #3
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.12.2012 17:35:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 76,71% Memory free
7,50 Gb Paging File | 6,45 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 149,43 Gb Free Space | 58,15% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
 
Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
PRC - [2012.11.06 11:46:42 | 002,611,328 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 21:35:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:00:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.07 15:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.22 14:07:46 | 002,478,080 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2010.06.08 21:52:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.05.11 16:35:30 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibtmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.08 00:12:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.05.08 21:00:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:00:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {84965E3F-D633-47BA-B913-9A0B223490E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{84965E3F-D633-47BA-B913-9A0B223490E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.20 20:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.08 00:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 19:28:50 | 000,000,000 | ---D | M]
 
[2010.08.03 13:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Extensions
[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions
[2012.07.25 08:26:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.26 02:59:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com
[2011.07.07 12:44:06 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com
[2010.10.17 12:59:56 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar
[2011.08.14 17:01:25 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2011.03.05 15:04:57 | 000,000,873 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\conduit.xml
[2012.12.18 11:05:05 | 000,001,056 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\icqplugin.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\plasmoo.xml
[2012.10.12 19:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.08 00:12:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.12 17:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 20:47:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 17:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 17:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 17:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 17:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3419D85-E322-4433-9B6A-C9BB26D39093}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 17:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2012.12.20 16:31:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\Alice\Desktop\SARDU_2.0.6.2
[2012.12.20 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.12.20 15:10:38 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.12.20 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite
[2012.12.20 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.12.20 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.12.20 15:09:47 | 014,682,176 | ---- | C] (DT Soft Ltd) -- C:\Users\Alice\Desktop\DTLite4461-0327.exe
[2012.12.15 16:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.12.15 16:54:59 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic
[2012.12.13 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\{0713CD0A-E4E0-4A94-8286-FEBC7F98148C}
[2012.01.01 18:42:16 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2012.12.20 16:26:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:26:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:22:22 | 000,680,058 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.20 16:22:22 | 000,629,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.20 16:22:22 | 000,139,880 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.20 16:22:22 | 000,115,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 16:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 16:18:05 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 15:56:16 | 013,479,174 | ---- | M] () -- C:\Users\Alice\Desktop\SARDU_2.0.6.2.zip
[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.12.20 15:09:06 | 014,682,176 | ---- | M] (DT Soft Ltd) -- C:\Users\Alice\Desktop\DTLite4461-0327.exe
[2012.12.20 14:50:14 | 381,210,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[2012.12.13 00:18:15 | 000,333,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 15:57:13 | 013,479,174 | ---- | C] () -- C:\Users\Alice\Desktop\SARDU_2.0.6.2.zip
[2012.12.20 15:11:38 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.12.15 16:55:02 | 000,000,736 | ---- | C] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[2012.09.05 09:41:32 | 000,000,224 | ---- | C] () -- C:\Users\Alice\AppData\Roaming\wklnhst.dat
[2012.09.02 09:20:55 | 000,000,908 | ---- | C] () -- C:\Users\Alice\World of Warcraft.lnk
[2012.07.23 09:24:59 | 000,001,993 | ---- | C] () -- C:\Users\Alice\Adobe Reader X.lnk
[2012.06.11 12:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.14 17:52:46 | 000,000,941 | ---- | C] () -- C:\Users\Alice\Diablo III.lnk
[2012.04.14 11:54:47 | 000,000,366 | ---- | C] () -- C:\Users\Alice\WoW.lnk
[2012.04.08 12:27:50 | 000,002,187 | ---- | C] () -- C:\Users\Alice\AION.lnk
[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.17 21:59:32 | 000,000,093 | ---- | C] () -- C:\Users\Alice\AppData\Local\fusioncache.dat
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.14 19:59:13 | 000,001,055 | ---- | C] () -- C:\Users\Alice\PokerStars.net.lnk
[2012.01.01 18:42:16 | 002,076,309 | ---- | C] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe
[2012.01.01 18:42:16 | 000,570,073 | ---- | C] () -- C:\Users\Alice\AppData\Local\gui.exe
[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe
[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe
[2012.01.01 18:42:16 | 000,000,518 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_EN.url
[2012.01.01 18:42:16 | 000,000,240 | ---- | C] () -- C:\Users\Alice\AppData\Local\UPDATE.url
[2012.01.01 18:42:16 | 000,000,216 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_GER.url
[2012.01.01 17:52:31 | 000,007,597 | ---- | C] () -- C:\Users\Alice\AppData\Local\Resmon.ResmonCfg
[2011.12.25 03:21:52 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies.lnk
[2011.12.25 03:21:37 | 000,001,086 | ---- | C] () -- C:\Users\Alice\DivX Plus Player.lnk
[2011.10.18 18:02:10 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.10.06 20:35:16 | 000,411,744 | ---- | C] () -- C:\Users\Alice\Dok1.odt
[2011.10.03 14:28:23 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies (2).lnk
[2011.08.13 11:03:20 | 000,001,360 | ---- | C] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk
[2011.08.13 11:03:20 | 000,001,257 | ---- | C] () -- C:\Users\Alice\Free Audio CD Burner.lnk
[2011.08.13 11:03:20 | 000,001,201 | ---- | C] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk
[2011.08.13 10:57:52 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.05 13:36:29 | 000,002,066 | ---- | C] () -- C:\Users\Alice\DivX Plus Converter.lnk
[2011.01.28 21:45:56 | 000,001,085 | ---- | C] () -- C:\Users\Alice\Audiograbber.lnk
[2011.01.15 16:53:50 | 000,000,550 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.08.28 16:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.23 03:04:00 | 000,002,690 | ---- | C] () -- C:\Users\Alice\Medion MediaPack.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.20 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite
[2012.10.05 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Dropbox
[2012.11.03 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DVDVideoSoft
[2010.10.02 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Electronic Arts
[2012.10.19 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\ICQ
[2011.11.15 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Mumble
[2012.10.20 12:22:11 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\SoftGrid Client
[2012.09.05 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Template
[2011.05.17 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TP
[2012.11.06 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.15 04:59:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.04.22 10:28:19 | 000,000,000 | ---D | M] -- C:\AMD
[2012.05.14 18:15:20 | 000,000,000 | ---D | M] -- C:\Diablo 3
[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.20 16:41:42 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 15:10:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.20 16:15:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.15 17:19:24 | 000,000,000 | ---D | M] -- C:\Star Wars-The Old Republic
[2012.12.20 17:40:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.15 16:54:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.20 14:50:14 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.01 15:05:59 | 000,000,000 | ---D | M] -- C:\World of Warcraft
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe
[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe
[2012.01.01 18:51:28 | 000,570,073 | ---- | M] () -- C:\Users\Alice\AppData\Local\gui.exe
[2012.01.01 18:51:28 | 002,076,309 | ---- | M] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe
[2012.01.01 18:51:28 | 000,021,504 | ---- | M] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2012.07.23 09:24:59 | 000,001,993 | ---- | M] () -- C:\Users\Alice\Adobe Reader X.lnk
[2012.04.08 12:27:50 | 000,002,187 | ---- | M] () -- C:\Users\Alice\AION.lnk
[2012.02.27 16:49:40 | 000,000,016 | ---- | M] () -- C:\Users\Alice\andre.txt
[2011.01.28 21:45:56 | 000,001,085 | ---- | M] () -- C:\Users\Alice\Audiograbber.lnk
[2012.05.14 18:15:23 | 000,000,941 | ---- | M] () -- C:\Users\Alice\Diablo III.lnk
[2011.10.03 14:28:23 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies (2).lnk
[2011.12.25 03:21:52 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies.lnk
[2011.04.05 13:36:29 | 000,002,066 | ---- | M] () -- C:\Users\Alice\DivX Plus Converter.lnk
[2011.12.25 03:21:37 | 000,001,086 | ---- | M] () -- C:\Users\Alice\DivX Plus Player.lnk
[2011.10.06 20:35:23 | 000,411,744 | ---- | M] () -- C:\Users\Alice\Dok1.odt
[2011.08.13 11:03:20 | 000,001,201 | ---- | M] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk
[2011.08.13 11:03:20 | 000,001,257 | ---- | M] () -- C:\Users\Alice\Free Audio CD Burner.lnk
[2011.08.13 11:03:20 | 000,001,360 | ---- | M] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk
[2010.06.23 03:05:13 | 000,002,690 | ---- | M] () -- C:\Users\Alice\Medion MediaPack.lnk
[2012.12.20 17:57:09 | 002,359,296 | -HS- | M] () -- C:\Users\Alice\ntuser.dat
[2012.12.20 17:57:09 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG1
[2012.11.19 17:15:59 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG2
[2010.08.03 10:26:32 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.08.29 18:10:34 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TM.blf
[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2011.04.11 16:15:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TM.blf
[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2012.09.05 16:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TM.blf
[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2011.11.03 16:37:13 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TM.blf
[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2010.08.03 10:26:33 | 000,000,020 | -HS- | M] () -- C:\Users\Alice\ntuser.ini
[2012.01.14 19:59:13 | 000,001,055 | ---- | M] () -- C:\Users\Alice\PokerStars.net.lnk
[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[2012.04.21 18:20:47 | 000,035,328 | -HS- | M] () -- C:\Users\Alice\Thumbs.db
[2012.09.02 09:21:25 | 000,000,908 | ---- | M] () -- C:\Users\Alice\World of Warcraft.lnk
[2012.04.14 11:54:47 | 000,000,366 | ---- | M] () -- C:\Users\Alice\WoW.lnk
[2012.04.14 16:47:14 | 000,000,016 | ---- | M] () -- C:\Users\Alice\Zuhause.txt
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.12.2012 17:35:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 76,71% Memory free
7,50 Gb Paging File | 6,45 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 149,43 Gb Free Space | 58,15% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
 
Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000BBA56-A75A-4C38-8ABD-F7DF13E1DAA0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{032DF29F-B567-404A-99EE-526D1918F386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{05171F89-EAF5-418B-8427-D5112EF50861}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08E17A8E-AD70-4CCD-8C8B-D8ECE9F1F6EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0B342F8F-BC64-483F-A137-3F5606542D2B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10383BDE-F838-4F06-8B76-503C9AC6A036}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1A7B8E4C-8092-4D2F-BFF8-C515BB8797A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1E788448-D236-437B-A68F-AD0320603435}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{22D7CFE4-EB65-495D-B1C5-4972263933AD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{23A42691-89A8-498E-B6A9-B005DBCBAFD0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2488882C-7BF0-44AB-97C1-2E130ED8B693}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{250909EB-9F48-4202-9BB7-F1B9B226A8C6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A90946D-DBFA-4A74-8935-94937AF992D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2C5DCF18-6B09-47BD-BD13-36953F810A32}" = rport=139 | protocol=6 | dir=out | app=system | 
"{344FCD98-9BCF-4760-BB0E-294B33FF56AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3E3E9E8C-263B-44A4-8C03-46E687788E43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{472C205E-833E-48E1-A828-EC0EB27A6BD2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4A0B0D5C-BB57-4D26-BBEF-024B1D07300B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{53EB3596-0EDA-40C0-8027-DF6FBF81F492}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58E44565-67F1-44EC-A003-8962197C58D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5BC3A91E-C7E9-4277-992C-B69881665434}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5BFA859A-25EE-4CC8-AFA5-271649CCA713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{60BBB308-89AB-4F9D-96B8-060540B9195E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78E43A6F-8C00-4B0F-8028-22377986796E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7CB14377-FD78-4223-9D06-E8825607FA89}" = lport=139 | protocol=6 | dir=in | app=system | 
"{84E2DC43-12F0-41A3-AFDF-8B9669E27FAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{87E9F6DA-9982-47F1-AC0B-EDC1C50EDA3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A3EC12F-6555-4AF8-8E0C-3FF9E004FA6F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95234416-0EAF-4242-AD3A-B085F374FBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A6B700F4-9912-4DC6-A993-4584B10DEE53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A7B070A2-BC08-4DC2-9AEE-076A6D9D88CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEF7F456-B339-412E-BCBA-1CE7C1FC33B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AFD5AC08-5077-4120-A6B6-C4635D1541D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B28DC406-8484-4AD8-87BC-B22D9EA52719}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC5FBC3F-D46A-48C3-ABFB-09A62B5D9310}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF318625-3D24-495F-9824-9DFCCA727EB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF342F57-5F7B-460E-AAFF-A7ACFCF72124}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C2F75073-F3EB-4E24-B4FB-BDCD7CB1E39A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB6FE9C3-42EB-4D56-B39C-E70808F99C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E251257A-D7D0-4696-87BE-B7671E393741}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E8FC85BB-521B-489F-A5F3-75D695FD4BEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E9C2DD56-E564-413C-AC5E-F648CEA23B8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FDC24C2C-9077-4625-A683-6FE29FFF5260}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8599B-758E-4761-A49F-974F50462CD7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{05890410-49A7-460E-AAF9-4662D5F98D07}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{076E37A9-1489-4F88-8252-79126C6178D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{07CCE69B-1A4D-4E1B-8F31-27640EF7A016}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{0DF6327B-F168-4A63-B411-F1A29BEFE336}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{0E0BE800-57DC-46A0-B4FF-21AB5143B80D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{19D3CD51-ABC9-49B9-86E3-0F3684CBF344}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{28F11474-2117-410E-9E03-67FBFBF47386}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2989FB79-A6D6-4E15-B80F-F7A49EF3712D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B772306-583D-42E2-8A46-C8EBE466D055}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{2C28377C-4976-4DE0-A54D-FFF9FE6F10AA}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{2D5E5FB0-BCBD-4B7F-A85A-E88273CA13DC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2F0169E5-8BC0-4E84-A006-C5D69030EC43}" = protocol=6 | dir=in | app=c:\star wars-the old republic\launcher.exe | 
"{2F38012C-F4FD-4F9D-9922-4F5373123B8B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{31DDA071-2660-41FA-9755-257CB6318B9E}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{3B2123F9-C90A-4A43-A1E7-C170EEC1E697}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{404D4394-1F79-4EB9-A7DB-C3115D0083BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{423FB6BE-C247-4C0E-93E8-2CDDF8ABF9AB}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{434F297A-0882-4A51-85B8-09503CDD481A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{43E855B8-7256-410E-AE49-B7735FCF3348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{498DDF9A-1948-4AD6-939C-2F598AF0C67B}" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{499C9CD9-28E1-4518-B2A1-B356B91A9E19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4BABEA70-9F41-4D34-A44F-589FA035C288}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{4ECF2C20-9FFE-4CBE-8128-63CA33B3B1DF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{505F75B6-0DF4-4FA7-9E8A-F0843A4FDB98}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{52D29D5F-E709-4443-ADD8-B1BFD78B6265}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{53B5D205-F94D-4F7B-9164-6951FAF6EAC6}" = protocol=17 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 
"{559375B6-1FB0-4D87-8B1F-06451A0D17F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{55BF6CC1-68E9-4010-BDC0-81FADF17D1B3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{578BC725-B1EC-48E5-BDEA-5F7E5DD35BBA}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{5D14DD7A-B000-4353-8A9E-EDBC8E6681C6}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{61B059D8-F145-4CFC-B0EA-0146AA31E283}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{62A1652A-CBDE-47D3-BD31-49DA5B2B0F07}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{63C176CF-256E-4B72-8DE9-568176CFC064}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{63C35551-A45C-4CFA-8DA9-56DEDF349290}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{761BBEAC-CA44-44CD-9893-4683E48D9768}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{778FC48E-90DC-44BE-B97A-CF7AA5D26129}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7B874C27-5131-458A-B6EC-7FAB69602A73}" = protocol=17 | dir=in | app=c:\star wars-the old republic\launcher.exe | 
"{7B8F5D01-9071-4005-B044-79444DB66941}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{80D7695E-E6EB-448B-A9F2-0C621FE355CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86B1ADB3-7418-42A7-9919-41174F952B3E}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{87E51C75-1608-4371-8994-6E66849447E5}" = protocol=6 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 
"{896E12D0-5356-4613-8910-B6F60EE9E9D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89BF43A9-5B92-453B-ACFD-8C4BBE412B5D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{8AE7D4D8-BE73-4CA3-B750-D7113D748474}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{9486E511-1DE2-4EB4-A420-4E8D7A167BBC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{960101DC-051D-464B-9DDC-555AA99C0760}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{966765C5-F8B0-4890-9258-57B42622AAC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{968F302E-82AB-4F76-B923-ABE793752B81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97786589-06D3-45FD-A19A-21B521A5EF91}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9A515C14-7C2A-4EA5-80AB-3A444D67D726}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9C83C18D-C3CA-44E3-87A4-DBEC98A57E79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9DDFF6F5-143C-48D2-A3AA-C91DF0983161}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9E037D9C-8088-469B-9EB9-34DF12B94B32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{A01FEE12-7DD5-46DE-9BEA-D01767E8CB8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A29CA614-527A-4AA6-9232-E10F635DE85C}" = protocol=6 | dir=out | app=system | 
"{A6023236-47CF-42DC-9CD1-703C1200C864}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AF369903-3F43-4205-B688-28B1A5F2E108}" = protocol=6 | dir=in | app=c:\star wars-the old republic\launcher.exe | 
"{B18D957B-7F0D-4B95-B123-FA2178335E08}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B1CD8363-DAF8-408B-8C76-F32F7F0A0488}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B5A54266-C545-43E5-9E20-954E29724866}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C04D3088-F2D4-4A4C-A35D-708F2C956ED0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0D2141B-5501-4884-BE65-09BF743232F1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C15F9BC7-E325-4F19-8CC1-826718EE5923}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C175AEF0-9A17-4F4A-B522-88FBDBDF157D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C2D147CC-BB0F-4682-861F-35E6F20566D9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{C378FB0A-D84D-46D9-878F-653733165BFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C940A863-B6E5-4AE7-92BF-449D97657A87}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CD7AFC79-B3FC-4D78-A7F0-040DF4F503AC}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{CF011444-F01B-4F89-A331-ED33014819EC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{D03F2DA8-C06A-4684-AE42-E6B1CA788856}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{D27D00B3-083E-47EA-9B3C-45614084C2F1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{D36C5F63-A59C-4D07-91C4-24DEC5B484FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBC17997-DFB7-40F1-81F1-2EBE7EBE01B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DF9FE081-EAF6-4592-8A76-31444429AD2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFC54914-750B-4832-9DFB-BA68806C27AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E17EAC0E-58EC-4C1E-B37F-7067454A937C}" = protocol=17 | dir=in | app=c:\star wars-the old republic\launcher.exe | 
"{E2305DDB-D0E2-4FF2-886C-5A20C51F57D0}" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{F05A0424-B995-4D96-B416-3765ACA915DC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F7951146-E55D-4477-ACB3-E1F7C08DB309}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{FBEB2D15-CF0E-43CA-A61C-9148623A2D35}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FD436FDD-482F-42F4-89FA-BDD88689AAB5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{FE8C6353-D0D5-4556-A752-3AB1EE296EAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0677F68D-F8D3-45C4-AAFD-DD9883945407}C:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{1B567286-E53E-4D0A-8055-7FE460604017}C:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{1C54D7D4-AB77-4B33-B10D-3BB874B62EC8}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"TCP Query User{202A0F5C-1AB3-47E3-9A39-3591869E436F}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{2BBB5999-9FE9-4612-ABD6-BE201E57FE21}C:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{2FD30378-9295-47AE-BCE1-3DA068314594}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{2FFFBDA2-F605-483E-AAB9-A7B6E2B3D8DF}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{30C1762F-A6BC-4BCF-B7EC-AC5C1BCFFBE1}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{3677523C-1B75-4E55-BA22-6FC269A6A11B}C:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"TCP Query User{371C5694-AB63-4574-8F74-CB63394FC177}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{4354E0B6-A6EF-4524-8459-05D90AA22A79}C:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{4971FA06-A26E-4243-8A19-515571D7BE4D}C:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{5080CE8F-B956-46B5-A69A-85FC00E027A7}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 
"TCP Query User{542B54AD-AC05-4E8D-94C9-B41DCB2EF252}C:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{56E3B3A5-3137-4FF3-ABF3-5CEEFA9B235C}C:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{5F0B5B5A-01BA-4A18-A343-7C9386A048C5}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{64F8FD31-5590-4305-AB06-A94E8ABCD776}C:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{6A954AEA-A00F-470F-A114-490E0D140670}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"TCP Query User{6FC879B6-5D21-48B0-80AA-8AF01FBDAEAF}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"TCP Query User{73A3B25C-A719-45E7-B5E3-4FFD7D8D29F9}C:\diablo 3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 
"TCP Query User{7F485943-329A-422B-B45B-A307928E1465}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{9D308879-A2E5-4FCE-9D57-A1A26E5DCCF4}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{A475232B-1FAE-4B51-9645-CB0EBEFEEC6D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{ADDAA587-B38C-45AF-833D-85F194BE8026}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{C15B588E-EBB5-406C-A045-D90016B5DD3E}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{C3946789-0372-4F5A-BA70-517D02BE5227}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{C58E15E1-8FD9-4CFA-BFB6-FDDDFA71977D}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{DF6111B5-0508-4FA7-BA0B-2C57DB5851B0}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E12D4D1E-DBA5-4035-905A-B6E4391289FC}C:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{E6EFE641-FDC3-470D-8487-6BBC1E268100}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E74C45A2-2933-4009-BBE9-28E1EEE465EF}C:\program files\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{E820A056-A2DE-484E-A24E-B474C55C5EC5}C:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{E954CAF1-B143-470B-8695-D562DBC79CF3}C:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=6 | dir=in | app=c:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe | 
"TCP Query User{FA883158-E00B-4B96-8209-9DBD43C06E02}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 
"TCP Query User{FF8E3D57-2E8E-4DC6-B7FE-ED6F0B3718D5}C:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{0056783F-0286-48C6-A2E1-81B3A4AF5053}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{1E5C677C-EDCD-4878-90AE-FE3879512635}C:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{1E692C5F-FA51-4189-A065-F6B0355F95A5}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{227C6A82-74D2-4FE0-A44A-4F788C99F086}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{376A9C6B-8D72-4249-B50F-35D95018EB8B}C:\diablo 3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\diablo 3\diablo iii\diablo iii.exe | 
"UDP Query User{3849FDB0-C3DE-4A36-9936-BCF31A66E7DE}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{42E4BC09-2E5F-4937-A031-F788A2CD61B7}C:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{4DDF033B-A2A5-4405-9BD3-E4094C1BA35B}C:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{4E1C8789-7655-4BD0-8EA1-66429FBCF01C}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 
"UDP Query User{57CDBA0A-BA4A-4475-9C86-4980AAF488E7}C:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"UDP Query User{5E0E8180-8BB1-457D-B59E-A9A80205B8BE}C:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{5F0E0AE4-C2E2-451C-A06C-A00CF041715F}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"UDP Query User{67D5DE74-9D7B-4651-A647-446DD1491821}C:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{7B0F17FA-D101-4372-B3CD-4669E05AD599}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7BDEDE15-29A4-4FEE-9E09-2AFC6FA0E372}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{7E1A9463-9EE6-4490-B4A7-77723EFEF628}C:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{943DB850-6FDF-4478-97F5-B0898DE4C519}C:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\alice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"UDP Query User{95153EB9-933F-4823-89A7-02AECF3C4CEA}C:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{A14209C9-13E4-459E-988A-58C9D0F60121}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{A168F898-3A36-4712-B601-AFB5582285D5}C:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{A3BD498C-1CA2-40E6-BC1F-E2F2D3600019}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{A4C7F28B-4154-41C2-BDF6-9B82D171A5D7}C:\program files\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A5391F01-AFE9-4877-8563-ED5E4277ED3D}D:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=d:\supreme\supreme.commander.forged.alliance.full-rip.skullptura\supcom - forged alliance\bin\forgedalliance.exe | 
"UDP Query User{AA271BCF-A636-426B-9FD2-A0478744F45C}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{B5E2E7A8-6966-45A9-BB89-CD5A72655656}C:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe" = protocol=17 | dir=in | app=c:\users\alice\appdata\local\temp\rarsfx0\medionfinder.exe | 
"UDP Query User{B98CA27D-026F-4F7C-8A10-DB77E0DB18BE}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{BEBE7044-4B79-4356-A0AF-8AC7C1EB84CD}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{BF83A4ED-C983-4E69-8F5E-285C1A132DA9}C:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{C402C1EC-3717-49E5-B1E9-7274B7066B40}C:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C4C5DF37-1C11-4D6B-87F4-2BD7A77C44CA}C:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{C90F588B-0732-403B-B439-EAC78D39A2CC}C:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{CEF1FA9C-5B11-4C6E-A3A4-B0834367C38D}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"UDP Query User{E4098D2C-DCF3-4924-99FF-46342573B865}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F1EFC08E-FDF3-40AE-9967-89595F34BCB3}C:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{F6F976ED-3845-4F60-A24F-CB1F47C459F6}C:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A93F317E-722A-A1C9-0781-4128BFEF7A54}" = AMD Drag and Drop Transcoding
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B5239BF0-3547-E82B-1D1B-754F17EBBDC5}" = AMD Accelerated Video Transcoding
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C028F57F-603A-AB6E-F2D0-1374EA538F8A}" = ccc-utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C725719D-AEEA-61C8-E732-E29513201D59}" = AMD Fuel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF45E5AA-4F5D-1188-CAA6-C2DE5ABBB389}" = Catalyst Control Center InstallProxy
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EA75A269-0206-A2AA-D125-3F959E7EB72E}" = AMD Media Foundation Decoders
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB11AC97-E48F-13E8-812E-1EAD76AF3146}" = AMD Catalyst Install Manager
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"97CEB8209F0BC014131F0864966F5B9C9345570E" = Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars.net" = PokerStars.net
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2012 09:14:22 | Computer Name = Bunse | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc225  Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.279,
 Zeitstempel: 0x4c0f00e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001dbe31  ID des fehlerhaften
 Prozesses: 0xc24  Startzeit der fehlerhaften Anwendung: 0x01cdc97c72703a47  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\atidxx32.dll  Berichtskennung: b1f676fe-356f-11e2-8430-406186af99e2
 
Error - 09.12.2012 09:56:02 | Computer Name = Bunse | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad0    Startzeit: 
01cdd614c1619cf9    Endzeit: 88    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 2801435c-4208-11e2-8af4-406186af99e2  
 
Error - 11.12.2012 15:29:16 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: HTTP-Status 400: Der Server kann die Anforderung aufgrund
 der ungültigen Syntax nicht verarbeiten.  
 
Error - 20.12.2012 07:03:30 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.12.2012 07:37:10 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.12.2012 09:50:53 | Computer Name = Bunse | Source = System Restore | ID = 8204
Description = 
 
Error - 20.12.2012 10:00:22 | Computer Name = Bunse | Source = System Restore | ID = 8204
Description = 
 
Error - 20.12.2012 10:10:04 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.12.2012 10:53:24 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.12.2012 11:04:59 | Computer Name = Bunse | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:08:02 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = DCOM | ID = 10005
Description = 
 
Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = DCOM | ID = 10005
Description = 
 
Error - 20.12.2012 11:10:36 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 11:15:45 | Computer Name = Bunse | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.12.2012 13:26:31 | Computer Name = Bunse | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
 
< End of report >
         
--- --- ---
__________________

Alt 20.12.2012, 20:11   #4
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.12.2012, 21:43   #5
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



21:39:19.0292 3504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:39:19.0900 3504 ============================================================
21:39:19.0900 3504 Current date / time: 2012/12/20 21:39:19.0900
21:39:19.0900 3504 SystemInfo:
21:39:19.0900 3504
21:39:19.0900 3504 OS Version: 6.1.7600 ServicePack: 1.0
21:39:19.0900 3504 Product type: Workstation
21:39:19.0900 3504 ComputerName: BUNSE
21:39:19.0900 3504 UserName: Alice
21:39:19.0900 3504 Windows directory: C:\Windows
21:39:19.0900 3504 System windows directory: C:\Windows
21:39:19.0900 3504 Processor architecture: Intel x86
21:39:19.0900 3504 Number of processors: 2
21:39:19.0900 3504 Page size: 0x1000
21:39:19.0900 3504 Boot type: Normal boot
21:39:19.0900 3504 ============================================================
21:39:20.0961 3504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:20.0961 3504 ============================================================
21:39:20.0961 3504 \Device\Harddisk0\DR0:
21:39:20.0961 3504 MBR partitions:
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x201FA800
21:39:20.0961 3504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2022D000, BlocksNum 0x5000000
21:39:20.0961 3504 ============================================================
21:39:20.0976 3504 C: <-> \Device\Harddisk0\DR0\Partition2
21:39:21.0023 3504 D: <-> \Device\Harddisk0\DR0\Partition3
21:39:21.0023 3504 ============================================================
21:39:21.0023 3504 Initialize success
21:39:21.0023 3504 ============================================================
21:39:37.0263 1392 ============================================================
21:39:37.0263 1392 Scan started
21:39:37.0263 1392 Mode: Manual; SigCheck; TDLFS;
21:39:37.0263 1392 ============================================================
21:39:38.0058 1392 ================ Scan system memory ========================
21:39:38.0058 1392 System memory - ok
21:39:38.0058 1392 ================ Scan services =============================
21:39:38.0214 1392 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:39:38.0667 1392 1394ohci - ok
21:39:38.0682 1392 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:39:38.0714 1392 ACPI - ok
21:39:38.0729 1392 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:39:38.0979 1392 AcpiPmi - ok
21:39:39.0104 1392 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:39:39.0119 1392 AdobeARMservice - ok
21:39:39.0150 1392 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:39.0182 1392 adp94xx - ok
21:39:39.0197 1392 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:39:39.0213 1392 adpahci - ok
21:39:39.0228 1392 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:39:39.0244 1392 adpu320 - ok
21:39:39.0260 1392 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:39:39.0275 1392 AeLookupSvc - ok
21:39:39.0322 1392 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:39:39.0338 1392 AFD - ok
21:39:39.0369 1392 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:39:39.0384 1392 agp440 - ok
21:39:39.0416 1392 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:39:39.0431 1392 aic78xx - ok
21:39:39.0462 1392 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:39:39.0603 1392 ALG - ok
21:39:39.0618 1392 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:39:39.0634 1392 aliide - ok
21:39:39.0665 1392 [ A7406A311896BDDA7E382D206FD19DC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:39:39.0681 1392 AMD External Events Utility - ok
21:39:39.0743 1392 AMD FUEL Service - ok
21:39:39.0759 1392 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:39:39.0774 1392 amdagp - ok
21:39:39.0806 1392 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:39:39.0821 1392 amdide - ok
21:39:39.0852 1392 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
21:39:39.0884 1392 amdiox86 - ok
21:39:39.0915 1392 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:39:39.0930 1392 AmdK8 - ok
21:39:40.0071 1392 [ 88E064F0DDD48394EFE9368DC54A679B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:39:40.0149 1392 amdkmdag - ok
21:39:40.0196 1392 [ 744E88CDA1E8C46D2EE37319456405CB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:39:40.0211 1392 amdkmdap - ok
21:39:40.0274 1392 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:39:40.0289 1392 AmdPPM - ok
21:39:40.0336 1392 [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:39:40.0383 1392 amdsata - ok
21:39:40.0398 1392 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:40.0445 1392 amdsbs - ok
21:39:40.0461 1392 [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:39:40.0493 1392 amdxata - ok
21:39:40.0555 1392 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:39:40.0571 1392 AntiVirSchedulerService - ok
21:39:40.0618 1392 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:39:40.0618 1392 AntiVirService - ok
21:39:40.0665 1392 [ 40C15CE1B832B78CC2A2F61807058763 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
21:39:40.0711 1392 AODDriver4.1 - ok
21:39:40.0743 1392 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:39:40.0758 1392 AppID - ok
21:39:40.0789 1392 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:39:40.0821 1392 AppIDSvc - ok
21:39:40.0852 1392 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:39:40.0883 1392 Appinfo - ok
21:39:40.0961 1392 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:40.0977 1392 Apple Mobile Device - ok
21:39:40.0992 1392 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:39:41.0008 1392 arc - ok
21:39:41.0039 1392 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:39:41.0055 1392 arcsas - ok
21:39:41.0101 1392 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:39:41.0117 1392 aspnet_state - ok
21:39:41.0133 1392 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:41.0164 1392 AsyncMac - ok
21:39:41.0195 1392 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:39:41.0211 1392 atapi - ok
21:39:41.0257 1392 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
21:39:41.0320 1392 AtiHDAudioService - ok
21:39:41.0351 1392 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:39:41.0367 1392 AtiHdmiService - ok
21:39:41.0382 1392 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
21:39:41.0413 1392 AtiPcie - ok
21:39:41.0460 1392 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:39:41.0523 1392 AudioEndpointBuilder - ok
21:39:41.0523 1392 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:39:41.0569 1392 Audiosrv - ok
21:39:41.0632 1392 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:39:41.0679 1392 avgntflt - ok
21:39:41.0710 1392 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:39:41.0757 1392 avipbb - ok
21:39:41.0772 1392 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:39:41.0803 1392 avkmgr - ok
21:39:41.0850 1392 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:39:41.0897 1392 AxInstSV - ok
21:39:41.0928 1392 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:39:41.0944 1392 b06bdrv - ok
21:39:41.0975 1392 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:39:41.0991 1392 b57nd60x - ok
21:39:42.0006 1392 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:39:42.0022 1392 BDESVC - ok
21:39:42.0037 1392 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:39:42.0069 1392 Beep - ok
21:39:42.0115 1392 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:39:42.0162 1392 BFE - ok
21:39:42.0209 1392 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:39:42.0240 1392 BITS - ok
21:39:42.0271 1392 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:42.0287 1392 blbdrive - ok
21:39:42.0365 1392 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:39:42.0381 1392 Bonjour Service - ok
21:39:42.0412 1392 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:39:42.0427 1392 bowser - ok
21:39:42.0427 1392 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:42.0443 1392 BrFiltLo - ok
21:39:42.0459 1392 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:42.0474 1392 BrFiltUp - ok
21:39:42.0505 1392 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:39:42.0521 1392 Browser - ok
21:39:42.0537 1392 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:39:42.0552 1392 Brserid - ok
21:39:42.0568 1392 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:42.0583 1392 BrSerWdm - ok
21:39:42.0615 1392 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:42.0630 1392 BrUsbMdm - ok
21:39:42.0630 1392 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:42.0646 1392 BrUsbSer - ok
21:39:42.0677 1392 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:42.0693 1392 BTHMODEM - ok
21:39:42.0724 1392 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:39:42.0739 1392 bthserv - ok
21:39:42.0771 1392 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:39:42.0802 1392 cdfs - ok
21:39:42.0849 1392 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:39:42.0864 1392 cdrom - ok
21:39:42.0911 1392 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:39:42.0927 1392 CertPropSvc - ok
21:39:42.0942 1392 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:39:42.0958 1392 circlass - ok
21:39:42.0989 1392 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:39:43.0005 1392 CLFS - ok
21:39:43.0020 1392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:43.0036 1392 clr_optimization_v2.0.50727_32 - ok
21:39:43.0114 1392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:43.0129 1392 clr_optimization_v4.0.30319_32 - ok
21:39:43.0145 1392 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:43.0161 1392 CmBatt - ok
21:39:43.0192 1392 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:39:43.0207 1392 cmdide - ok
21:39:43.0239 1392 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:39:43.0270 1392 CNG - ok
21:39:43.0285 1392 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:39:43.0301 1392 Compbatt - ok
21:39:43.0332 1392 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:39:43.0348 1392 CompositeBus - ok
21:39:43.0363 1392 COMSysApp - ok
21:39:43.0379 1392 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:43.0395 1392 crcdisk - ok
21:39:43.0441 1392 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:39:43.0457 1392 CryptSvc - ok
21:39:43.0536 1392 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:39:43.0598 1392 cvhsvc - ok
21:39:43.0645 1392 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:39:43.0676 1392 DcomLaunch - ok
21:39:43.0692 1392 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:39:43.0723 1392 defragsvc - ok
21:39:43.0770 1392 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:39:43.0786 1392 DfsC - ok
21:39:43.0817 1392 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:39:43.0848 1392 Dhcp - ok
21:39:43.0879 1392 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:39:43.0895 1392 discache - ok
21:39:43.0942 1392 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:39:43.0957 1392 Disk - ok
21:39:43.0988 1392 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:39:44.0004 1392 Dnscache - ok
21:39:44.0051 1392 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:39:44.0066 1392 dot3svc - ok
21:39:44.0113 1392 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:39:44.0144 1392 DPS - ok
21:39:44.0160 1392 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:39:44.0176 1392 drmkaud - ok
21:39:44.0222 1392 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:39:44.0254 1392 dtsoftbus01 - ok
21:39:44.0300 1392 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:39:44.0332 1392 DXGKrnl - ok
21:39:44.0363 1392 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:39:44.0394 1392 EapHost - ok
21:39:44.0456 1392 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:39:44.0520 1392 ebdrv - ok
21:39:44.0567 1392 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:39:44.0567 1392 EFS - ok
21:39:44.0629 1392 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:39:44.0645 1392 ehRecvr - ok
21:39:44.0676 1392 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:39:44.0691 1392 ehSched - ok
21:39:44.0723 1392 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:39:44.0738 1392 elxstor - ok
21:39:44.0754 1392 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:39:44.0769 1392 ErrDev - ok
21:39:44.0801 1392 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:39:44.0832 1392 EventSystem - ok
21:39:44.0847 1392 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:39:44.0894 1392 exfat - ok
21:39:44.0910 1392 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:39:44.0941 1392 fastfat - ok
21:39:44.0988 1392 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:39:45.0019 1392 Fax - ok
21:39:45.0050 1392 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:39:45.0066 1392 fdc - ok
21:39:45.0081 1392 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:39:45.0113 1392 fdPHost - ok
21:39:45.0113 1392 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:39:45.0144 1392 FDResPub - ok
21:39:45.0175 1392 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:39:45.0191 1392 FileInfo - ok
21:39:45.0206 1392 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:39:45.0237 1392 Filetrace - ok
21:39:45.0253 1392 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:45.0253 1392 flpydisk - ok
21:39:45.0284 1392 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:39:45.0300 1392 FltMgr - ok
21:39:45.0347 1392 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:39:45.0362 1392 FontCache - ok
21:39:45.0409 1392 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:39:45.0425 1392 FontCache3.0.0.0 - ok
21:39:45.0425 1392 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:39:45.0440 1392 FsDepends - ok
21:39:45.0471 1392 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:39:45.0518 1392 Fs_Rec - ok
21:39:45.0565 1392 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:39:45.0612 1392 fvevol - ok
21:39:45.0643 1392 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:45.0643 1392 gagp30kx - ok
21:39:45.0705 1392 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:39:45.0705 1392 GEARAspiWDM - ok
21:39:45.0752 1392 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:39:45.0815 1392 gpsvc - ok
21:39:45.0830 1392 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:39:45.0846 1392 hcw85cir - ok
21:39:45.0908 1392 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:39:46.0002 1392 HdAudAddService - ok
21:39:46.0017 1392 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:39:46.0049 1392 HDAudBus - ok
21:39:46.0064 1392 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:46.0080 1392 HidBatt - ok
21:39:46.0095 1392 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:39:46.0111 1392 HidBth - ok
21:39:46.0127 1392 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:39:46.0142 1392 HidIr - ok
21:39:46.0173 1392 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:39:46.0220 1392 hidserv - ok
21:39:46.0236 1392 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:39:46.0251 1392 HidUsb - ok
21:39:46.0283 1392 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:39:46.0298 1392 hkmsvc - ok
21:39:46.0345 1392 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:39:46.0361 1392 HomeGroupListener - ok
21:39:46.0392 1392 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:39:46.0407 1392 HomeGroupProvider - ok
21:39:46.0439 1392 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:39:46.0454 1392 HpSAMD - ok
21:39:46.0517 1392 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:39:46.0549 1392 HTTP - ok
21:39:46.0580 1392 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:39:46.0596 1392 hwpolicy - ok
21:39:46.0627 1392 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:39:46.0642 1392 i8042prt - ok
21:39:46.0689 1392 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:39:46.0705 1392 iaStorV - ok
21:39:46.0767 1392 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:39:46.0798 1392 idsvc - ok
21:39:46.0830 1392 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:39:46.0845 1392 iirsp - ok
21:39:46.0892 1392 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:39:46.0923 1392 IKEEXT - ok
21:39:47.0017 1392 [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:39:47.0126 1392 IntcAzAudAddService - ok
21:39:47.0142 1392 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:39:47.0157 1392 intelide - ok
21:39:47.0188 1392 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:39:47.0204 1392 intelppm - ok
21:39:47.0220 1392 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:39:47.0251 1392 IPBusEnum - ok
21:39:47.0266 1392 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:47.0298 1392 IpFilterDriver - ok
21:39:47.0344 1392 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:39:47.0376 1392 iphlpsvc - ok
21:39:47.0391 1392 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:39:47.0407 1392 IPMIDRV - ok
21:39:47.0422 1392 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:39:47.0469 1392 IPNAT - ok
21:39:47.0532 1392 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:39:47.0563 1392 iPod Service - ok
21:39:47.0578 1392 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:39:47.0594 1392 IRENUM - ok
21:39:47.0641 1392 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:39:47.0641 1392 isapnp - ok
21:39:47.0672 1392 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:39:47.0688 1392 iScsiPrt - ok
21:39:47.0719 1392 [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
21:39:47.0734 1392 JMCR - ok
21:39:47.0750 1392 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:39:47.0766 1392 kbdclass - ok
21:39:47.0781 1392 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:39:47.0797 1392 kbdhid - ok
21:39:47.0812 1392 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:39:47.0828 1392 KeyIso - ok
21:39:47.0859 1392 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:39:47.0875 1392 KSecDD - ok
21:39:47.0906 1392 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:39:47.0953 1392 KSecPkg - ok
21:39:47.0984 1392 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:39:48.0015 1392 KtmRm - ok
21:39:48.0062 1392 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:39:48.0109 1392 LanmanServer - ok
21:39:48.0265 1392 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:39:48.0327 1392 LanmanWorkstation - ok
21:39:48.0358 1392 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:39:48.0390 1392 lltdio - ok
21:39:48.0421 1392 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:39:48.0452 1392 lltdsvc - ok
21:39:48.0468 1392 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:39:48.0499 1392 lmhosts - ok
21:39:48.0530 1392 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:39:48.0546 1392 LSI_FC - ok
21:39:48.0546 1392 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:39:48.0561 1392 LSI_SAS - ok
21:39:48.0592 1392 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:39:48.0608 1392 LSI_SAS2 - ok
21:39:48.0624 1392 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:39:48.0639 1392 LSI_SCSI - ok
21:39:48.0670 1392 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:39:48.0686 1392 luafv - ok
21:39:48.0733 1392 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:39:48.0748 1392 Mcx2Svc - ok
21:39:48.0748 1392 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:39:48.0764 1392 megasas - ok
21:39:48.0795 1392 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:48.0811 1392 MegaSR - ok
21:39:48.0873 1392 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
21:39:48.0920 1392 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
21:39:48.0920 1392 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
21:39:48.0936 1392 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:39:48.0967 1392 MMCSS - ok
21:39:48.0998 1392 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:39:49.0014 1392 Modem - ok
21:39:49.0045 1392 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:39:49.0060 1392 monitor - ok
21:39:49.0107 1392 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:39:49.0107 1392 mouclass - ok
21:39:49.0154 1392 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:39:49.0154 1392 mouhid - ok
21:39:49.0201 1392 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:39:49.0201 1392 mountmgr - ok
21:39:49.0279 1392 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:39:49.0294 1392 MozillaMaintenance - ok
21:39:49.0310 1392 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:39:49.0326 1392 mpio - ok
21:39:49.0357 1392 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:39:49.0372 1392 mpsdrv - ok
21:39:49.0419 1392 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:39:49.0450 1392 MpsSvc - ok
21:39:49.0482 1392 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:39:49.0513 1392 MRxDAV - ok
21:39:49.0544 1392 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:49.0560 1392 mrxsmb - ok
21:39:49.0591 1392 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:49.0606 1392 mrxsmb10 - ok
21:39:49.0622 1392 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:49.0638 1392 mrxsmb20 - ok
21:39:49.0669 1392 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:39:49.0684 1392 msahci - ok
21:39:49.0700 1392 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:39:49.0716 1392 msdsm - ok
21:39:49.0731 1392 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:39:49.0747 1392 MSDTC - ok
21:39:49.0778 1392 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:39:49.0809 1392 Msfs - ok
21:39:49.0825 1392 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:39:49.0856 1392 mshidkmdf - ok
21:39:49.0872 1392 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:39:49.0887 1392 msisadrv - ok
21:39:49.0903 1392 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:39:49.0950 1392 MSiSCSI - ok
21:39:49.0950 1392 msiserver - ok
21:39:49.0981 1392 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:39:49.0996 1392 MSKSSRV - ok
21:39:50.0012 1392 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:50.0074 1392 MSPCLOCK - ok
21:39:50.0090 1392 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:39:50.0121 1392 MSPQM - ok
21:39:50.0137 1392 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:39:50.0152 1392 MsRPC - ok
21:39:50.0168 1392 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:39:50.0184 1392 mssmbios - ok
21:39:50.0184 1392 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:39:50.0230 1392 MSTEE - ok
21:39:50.0262 1392 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:50.0277 1392 MTConfig - ok
21:39:50.0293 1392 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:39:50.0308 1392 Mup - ok
21:39:50.0340 1392 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:39:50.0371 1392 napagent - ok
21:39:50.0402 1392 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:39:50.0418 1392 NativeWifiP - ok
21:39:50.0480 1392 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:39:50.0511 1392 NDIS - ok
21:39:50.0527 1392 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:50.0558 1392 NdisCap - ok
21:39:50.0589 1392 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:50.0605 1392 NdisTapi - ok
21:39:50.0636 1392 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:50.0698 1392 Ndisuio - ok
21:39:50.0730 1392 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:50.0761 1392 NdisWan - ok
21:39:50.0792 1392 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:39:50.0808 1392 NDProxy - ok
21:39:50.0823 1392 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:39:50.0854 1392 NetBIOS - ok
21:39:50.0901 1392 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:39:50.0948 1392 NetBT - ok
21:39:50.0964 1392 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:39:50.0979 1392 Netlogon - ok
21:39:51.0010 1392 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:39:51.0042 1392 Netman - ok
21:39:51.0057 1392 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:39:51.0135 1392 netprofm - ok
21:39:51.0151 1392 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:51.0166 1392 NetTcpPortSharing - ok
21:39:51.0198 1392 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:51.0213 1392 nfrd960 - ok
21:39:51.0244 1392 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:39:51.0276 1392 NlaSvc - ok
21:39:51.0291 1392 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:39:51.0338 1392 Npfs - ok
21:39:51.0354 1392 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:39:51.0369 1392 nsi - ok
21:39:51.0385 1392 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:39:51.0416 1392 nsiproxy - ok
21:39:51.0478 1392 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:39:51.0541 1392 Ntfs - ok
21:39:51.0556 1392 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:39:51.0589 1392 Null - ok
21:39:51.0604 1392 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:39:51.0620 1392 nvraid - ok
21:39:51.0667 1392 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:39:51.0682 1392 nvstor - ok
21:39:51.0713 1392 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:39:51.0729 1392 nv_agp - ok
21:39:51.0745 1392 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:39:51.0776 1392 ohci1394 - ok
21:39:51.0823 1392 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:39:51.0838 1392 ose - ok
21:39:51.0947 1392 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:39:52.0057 1392 osppsvc - ok
21:39:52.0088 1392 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:39:52.0103 1392 p2pimsvc - ok
21:39:52.0135 1392 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:39:52.0150 1392 p2psvc - ok
21:39:52.0166 1392 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:39:52.0181 1392 Parport - ok
21:39:52.0213 1392 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:39:52.0228 1392 partmgr - ok
21:39:52.0259 1392 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:39:52.0275 1392 Parvdm - ok
21:39:52.0306 1392 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:39:52.0353 1392 PcaSvc - ok
21:39:52.0384 1392 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:39:52.0400 1392 pci - ok
21:39:52.0431 1392 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:39:52.0447 1392 pciide - ok
21:39:52.0478 1392 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:52.0478 1392 pcmcia - ok
21:39:52.0509 1392 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:39:52.0525 1392 pcw - ok
21:39:52.0556 1392 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:39:52.0587 1392 PEAUTH - ok
21:39:52.0666 1392 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:39:52.0713 1392 pla - ok
21:39:52.0728 1392 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:39:52.0760 1392 PlugPlay - ok
21:39:52.0775 1392 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:39:52.0791 1392 PNRPAutoReg - ok
21:39:52.0822 1392 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:39:52.0853 1392 PNRPsvc - ok
21:39:52.0884 1392 [ 420336F91EB745811CF130C80EDE0653 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
21:39:52.0900 1392 Point32 - ok
21:39:52.0947 1392 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:39:53.0009 1392 PolicyAgent - ok
21:39:53.0025 1392 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:39:53.0056 1392 Power - ok
21:39:53.0087 1392 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:39:53.0118 1392 PptpMiniport - ok
21:39:53.0134 1392 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:39:53.0134 1392 Processor - ok
21:39:53.0165 1392 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:39:53.0181 1392 ProfSvc - ok
21:39:53.0181 1392 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:39:53.0228 1392 ProtectedStorage - ok
21:39:53.0290 1392 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:39:53.0337 1392 Psched - ok
21:39:53.0368 1392 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:39:53.0368 1392 PSI_SVC_2 - ok
21:39:53.0415 1392 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:39:53.0446 1392 ql2300 - ok
21:39:53.0477 1392 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:53.0493 1392 ql40xx - ok
21:39:53.0540 1392 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:39:53.0571 1392 QWAVE - ok
21:39:53.0586 1392 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:39:53.0602 1392 QWAVEdrv - ok
21:39:53.0618 1392 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:39:53.0649 1392 RasAcd - ok
21:39:53.0664 1392 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:53.0696 1392 RasAgileVpn - ok
21:39:53.0711 1392 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:39:53.0742 1392 RasAuto - ok
21:39:53.0758 1392 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:53.0789 1392 Rasl2tp - ok
21:39:53.0836 1392 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:39:53.0867 1392 RasMan - ok
21:39:53.0883 1392 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:53.0898 1392 RasPppoe - ok
21:39:53.0914 1392 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:39:54.0008 1392 RasSstp - ok
21:39:54.0023 1392 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:39:54.0039 1392 rdbss - ok
21:39:54.0070 1392 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:54.0086 1392 rdpbus - ok
21:39:54.0117 1392 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:54.0164 1392 RDPCDD - ok
21:39:54.0195 1392 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:39:54.0210 1392 RDPENCDD - ok
21:39:54.0226 1392 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:39:54.0242 1392 RDPREFMP - ok
21:39:54.0288 1392 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:39:54.0304 1392 RDPWD - ok
21:39:54.0351 1392 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:39:54.0366 1392 rdyboost - ok
21:39:54.0398 1392 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:39:54.0491 1392 RemoteAccess - ok
21:39:54.0507 1392 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:39:54.0538 1392 RemoteRegistry - ok
21:39:54.0554 1392 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:39:54.0585 1392 RpcEptMapper - ok
21:39:54.0600 1392 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:39:54.0616 1392 RpcLocator - ok
21:39:54.0632 1392 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:39:54.0710 1392 RpcSs - ok
21:39:54.0725 1392 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:39:54.0756 1392 rspndr - ok
21:39:54.0788 1392 [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
21:39:54.0788 1392 RTHDMIAzAudService - ok
21:39:54.0834 1392 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
21:39:54.0850 1392 RTL8167 - ok
21:39:54.0912 1392 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
21:39:54.0959 1392 rtl8192se - ok
21:39:54.0975 1392 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:39:54.0975 1392 SamSs - ok
21:39:55.0022 1392 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:39:55.0037 1392 sbp2port - ok
21:39:55.0068 1392 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:39:55.0100 1392 SCardSvr - ok
21:39:55.0115 1392 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:39:55.0224 1392 scfilter - ok
21:39:55.0271 1392 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:39:55.0334 1392 Schedule - ok
21:39:55.0349 1392 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:39:55.0380 1392 SCPolicySvc - ok
21:39:55.0396 1392 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:39:55.0412 1392 sdbus - ok
21:39:55.0443 1392 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:39:55.0474 1392 SDRSVC - ok
21:39:55.0505 1392 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:39:55.0536 1392 secdrv - ok
21:39:55.0568 1392 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:39:55.0599 1392 seclogon - ok
21:39:55.0614 1392 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:39:55.0646 1392 SENS - ok
21:39:55.0661 1392 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:39:55.0677 1392 SensrSvc - ok
21:39:55.0708 1392 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:39:55.0724 1392 Serenum - ok
21:39:55.0739 1392 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:39:55.0739 1392 Serial - ok
21:39:55.0755 1392 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:39:55.0770 1392 sermouse - ok
21:39:55.0817 1392 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:39:55.0848 1392 SessionEnv - ok
21:39:55.0880 1392 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:39:55.0911 1392 sffdisk - ok
21:39:55.0911 1392 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:39:55.0926 1392 sffp_mmc - ok
21:39:55.0942 1392 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:39:55.0958 1392 sffp_sd - ok
21:39:55.0989 1392 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:56.0004 1392 sfloppy - ok
21:39:56.0051 1392 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:39:56.0082 1392 Sftfs - ok
21:39:56.0160 1392 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
21:39:56.0176 1392 sftlist - ok
21:39:56.0223 1392 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:39:56.0238 1392 Sftplay - ok
21:39:56.0254 1392 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:39:56.0270 1392 Sftredir - ok
21:39:56.0285 1392 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:39:56.0301 1392 Sftvol - ok
21:39:56.0316 1392 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
21:39:56.0332 1392 sftvsa - ok
21:39:56.0363 1392 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:39:56.0394 1392 SharedAccess - ok
21:39:56.0426 1392 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:39:56.0457 1392 ShellHWDetection - ok
21:39:56.0488 1392 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:39:56.0488 1392 sisagp - ok
21:39:56.0535 1392 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:56.0535 1392 SiSRaid2 - ok
21:39:56.0566 1392 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:56.0582 1392 SiSRaid4 - ok
21:39:56.0628 1392 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:39:56.0644 1392 SkypeUpdate - ok
21:39:56.0675 1392 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:39:56.0706 1392 Smb - ok
21:39:56.0738 1392 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:39:56.0769 1392 SNMPTRAP - ok
21:39:56.0769 1392 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:39:56.0784 1392 spldr - ok
21:39:56.0831 1392 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:39:56.0847 1392 Spooler - ok
21:39:56.0940 1392 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:39:57.0003 1392 sppsvc - ok
21:39:57.0050 1392 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:39:57.0065 1392 sppuinotify - ok
21:39:57.0112 1392 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:39:57.0143 1392 srv - ok
21:39:57.0159 1392 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:39:57.0174 1392 srv2 - ok
21:39:57.0190 1392 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:39:57.0206 1392 srvnet - ok
21:39:57.0237 1392 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:39:57.0268 1392 SSDPSRV - ok
21:39:57.0299 1392 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:39:57.0315 1392 ssmdrv - ok
21:39:57.0330 1392 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:39:57.0346 1392 SstpSvc - ok
21:39:57.0377 1392 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:39:57.0393 1392 stexstor - ok
21:39:57.0440 1392 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:39:57.0455 1392 StiSvc - ok
21:39:57.0486 1392 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:39:57.0502 1392 swenum - ok
21:39:57.0533 1392 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:39:57.0580 1392 swprv - ok
21:39:57.0627 1392 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:39:57.0674 1392 SynTP - ok
21:39:57.0720 1392 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:39:57.0752 1392 SysMain - ok
21:39:57.0798 1392 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:39:57.0814 1392 TabletInputService - ok
21:39:57.0861 1392 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:39:57.0908 1392 TapiSrv - ok
21:39:57.0939 1392 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:39:57.0970 1392 TBS - ok
21:39:58.0017 1392 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:39:58.0048 1392 Tcpip - ok
21:39:58.0079 1392 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:39:58.0110 1392 TCPIP6 - ok
21:39:58.0142 1392 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:39:58.0173 1392 tcpipreg - ok
21:39:58.0204 1392 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:39:58.0220 1392 TDPIPE - ok
21:39:58.0266 1392 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:39:58.0266 1392 TDTCP - ok
21:39:58.0298 1392 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:39:58.0360 1392 tdx - ok
21:39:58.0376 1392 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:39:58.0391 1392 TermDD - ok
21:39:58.0438 1392 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:39:58.0469 1392 TermService - ok
21:39:58.0485 1392 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:39:58.0500 1392 Themes - ok
21:39:58.0516 1392 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:39:58.0547 1392 THREADORDER - ok
21:39:58.0563 1392 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:39:58.0594 1392 TrkWks - ok
21:39:58.0641 1392 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:39:58.0656 1392 TrustedInstaller - ok
21:39:58.0689 1392 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:58.0720 1392 tssecsrv - ok
21:39:58.0782 1392 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:39:58.0782 1392 TsUsbFlt - ok
21:39:58.0845 1392 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:39:58.0907 1392 tunnel - ok
21:39:58.0923 1392 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:39:58.0938 1392 uagp35 - ok
21:39:58.0969 1392 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:39:59.0063 1392 udfs - ok
21:39:59.0157 1392 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:39:59.0172 1392 UI0Detect - ok
21:39:59.0235 1392 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:39:59.0250 1392 uliagpkx - ok
21:39:59.0266 1392 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:39:59.0281 1392 umbus - ok
21:39:59.0328 1392 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:39:59.0328 1392 UmPass - ok
21:39:59.0359 1392 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:39:59.0391 1392 upnphost - ok
21:39:59.0437 1392 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:39:59.0453 1392 USBAAPL - ok
21:39:59.0531 1392 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:59.0531 1392 usbccgp - ok
21:39:59.0547 1392 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:39:59.0578 1392 usbcir - ok
21:39:59.0609 1392 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:39:59.0625 1392 usbehci - ok
21:39:59.0656 1392 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:39:59.0671 1392 usbhub - ok
21:39:59.0687 1392 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:39:59.0687 1392 usbohci - ok
21:39:59.0718 1392 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:39:59.0734 1392 usbprint - ok
21:39:59.0765 1392 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:59.0781 1392 USBSTOR - ok
21:39:59.0796 1392 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:39:59.0812 1392 usbuhci - ok
21:39:59.0859 1392 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:39:59.0874 1392 usbvideo - ok
21:39:59.0890 1392 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:39:59.0921 1392 UxSms - ok
21:39:59.0937 1392 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:39:59.0952 1392 VaultSvc - ok
21:39:59.0968 1392 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:39:59.0968 1392 vdrvroot - ok
21:40:00.0030 1392 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:40:00.0061 1392 vds - ok
21:40:00.0093 1392 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:00.0108 1392 vga - ok
21:40:00.0124 1392 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:40:00.0139 1392 VgaSave - ok
21:40:00.0186 1392 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:40:00.0202 1392 vhdmp - ok
21:40:00.0217 1392 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:40:00.0233 1392 viaagp - ok
21:40:00.0249 1392 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:40:00.0264 1392 ViaC7 - ok
21:40:00.0280 1392 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:40:00.0295 1392 viaide - ok
21:40:00.0311 1392 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:40:00.0327 1392 volmgr - ok
21:40:00.0358 1392 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:40:00.0389 1392 volmgrx - ok
21:40:00.0389 1392 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:40:00.0405 1392 volsnap - ok
21:40:00.0436 1392 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:40:00.0451 1392 vsmraid - ok
21:40:00.0514 1392 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:40:00.0545 1392 VSS - ok
21:40:00.0561 1392 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:40:00.0576 1392 vwifibus - ok
21:40:00.0607 1392 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:40:00.0623 1392 vwififlt - ok
21:40:00.0654 1392 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:40:00.0670 1392 vwifimp - ok
21:40:00.0685 1392 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:40:00.0732 1392 W32Time - ok
21:40:00.0748 1392 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:40:00.0763 1392 WacomPen - ok
21:40:00.0810 1392 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:40:00.0857 1392 WANARP - ok
21:40:00.0857 1392 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:40:00.0919 1392 Wanarpv6 - ok
21:40:00.0935 1392 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:40:00.0966 1392 wbengine - ok
21:40:00.0982 1392 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:40:00.0997 1392 WbioSrvc - ok
21:40:01.0044 1392 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:40:01.0075 1392 wcncsvc - ok
21:40:01.0091 1392 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:40:01.0107 1392 WcsPlugInService - ok
21:40:01.0122 1392 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:40:01.0138 1392 Wd - ok
21:40:01.0169 1392 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:40:01.0200 1392 Wdf01000 - ok
21:40:01.0216 1392 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:40:01.0231 1392 WdiServiceHost - ok
21:40:01.0231 1392 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:40:01.0263 1392 WdiSystemHost - ok
21:40:01.0294 1392 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:40:01.0325 1392 WebClient - ok
21:40:01.0341 1392 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:40:01.0372 1392 Wecsvc - ok
21:40:01.0387 1392 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:40:01.0419 1392 wercplsupport - ok
21:40:01.0434 1392 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:40:01.0497 1392 WerSvc - ok
21:40:01.0528 1392 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:40:01.0559 1392 WfpLwf - ok
21:40:01.0575 1392 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:40:01.0590 1392 WIMMount - ok
21:40:01.0653 1392 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:40:01.0668 1392 WinDefend - ok
21:40:01.0684 1392 WinHttpAutoProxySvc - ok
21:40:01.0732 1392 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:40:01.0778 1392 Winmgmt - ok
21:40:01.0825 1392 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:40:01.0903 1392 WinRM - ok
21:40:01.0950 1392 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:40:01.0997 1392 WinUsb - ok
21:40:02.0028 1392 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:40:02.0075 1392 Wlansvc - ok
21:40:02.0184 1392 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:40:02.0215 1392 wlidsvc - ok
21:40:02.0262 1392 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:40:02.0293 1392 WmiAcpi - ok
21:40:02.0340 1392 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:40:02.0356 1392 wmiApSrv - ok
21:40:02.0465 1392 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:40:02.0496 1392 WMPNetworkSvc - ok
21:40:02.0512 1392 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:40:02.0527 1392 WPCSvc - ok
21:40:02.0574 1392 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:40:02.0590 1392 WPDBusEnum - ok
21:40:02.0605 1392 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:40:02.0636 1392 ws2ifsl - ok
21:40:02.0652 1392 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:40:02.0668 1392 wscsvc - ok
21:40:02.0668 1392 WSearch - ok
21:40:02.0747 1392 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:40:02.0793 1392 wuauserv - ok
21:40:02.0825 1392 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:40:02.0840 1392 WudfPf - ok
21:40:02.0856 1392 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:02.0871 1392 WUDFRd - ok
21:40:02.0887 1392 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:40:02.0918 1392 wudfsvc - ok
21:40:02.0949 1392 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:40:02.0965 1392 WwanSvc - ok
21:40:02.0996 1392 ================ Scan global ===============================
21:40:03.0027 1392 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:40:03.0059 1392 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:40:03.0074 1392 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:40:03.0105 1392 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:40:03.0105 1392 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:40:03.0121 1392 [Global] - ok
21:40:03.0121 1392 ================ Scan MBR ==================================
21:40:03.0137 1392 [ 2E0FE7FC299470E30383716B164CF901 ] \Device\Harddisk0\DR0
21:40:07.0381 1392 \Device\Harddisk0\DR0 - ok
21:40:07.0381 1392 ================ Scan VBR ==================================
21:40:07.0396 1392 [ D51E3885486D3F793FC796685F9AFC79 ] \Device\Harddisk0\DR0\Partition1
21:40:07.0396 1392 \Device\Harddisk0\DR0\Partition1 - ok
21:40:07.0412 1392 [ 15C1F1574BA8C96D6717B9AB4AABB176 ] \Device\Harddisk0\DR0\Partition2
21:40:07.0412 1392 \Device\Harddisk0\DR0\Partition2 - ok
21:40:07.0443 1392 [ 61375CEDF3F16A0F785B2177108CDCAE ] \Device\Harddisk0\DR0\Partition3
21:40:07.0443 1392 \Device\Harddisk0\DR0\Partition3 - ok
21:40:07.0443 1392 ============================================================
21:40:07.0443 1392 Scan finished
21:40:07.0443 1392 ============================================================
21:40:07.0459 2264 Detected object count: 1
21:40:07.0459 2264 Actual detected object count: 1
21:41:09.0641 2264 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
21:41:09.0641 2264 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip


Alt 21.12.2012, 15:25   #6
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> GVU mit CAM auf Kinox.to

Alt 23.12.2012, 15:50   #7
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-22.02 - Alice 23.12.2012  15:04:53.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.1.1252.49.1031.18.3839.2698 [GMT 1:00]
ausgeführt von:: c:\users\Alice\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alice\AppData\Local\4GB_EN.exe
c:\users\Alice\AppData\Local\4GB_GER.exe
c:\users\Alice\AppData\Local\gui.exe
c:\users\Alice\AppData\Local\ntkrlICE.exe
c:\users\Alice\AppData\Local\Wtrmrk.exe
c:\windows\system32\ntkrlICE.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 14:28 . 2012-12-23 14:29	--------	d-----w-	c:\users\Alice\AppData\Local\temp
2012-12-23 14:28 . 2012-12-23 14:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 14:07 . 2012-12-23 14:07	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3EE6DA-E753-43C1-9554-4F2C0AD4D8FC}\offreg.dll
2012-12-22 02:53 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A3EE6DA-E753-43C1-9554-4F2C0AD4D8FC}\mpengine.dll
2012-12-21 18:51 . 2012-12-21 18:53	--------	d-----w-	c:\program files\OpenVPN
2012-12-21 09:02 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 09:02 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 22:31 . 2012-12-20 22:31	--------	d-----w-	c:\program files\CCleaner
2012-12-20 15:31 . 2012-12-20 15:41	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-12-20 14:10 . 2012-12-20 14:10	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-20 14:10 . 2012-12-20 14:12	--------	d-----w-	c:\users\Alice\AppData\Roaming\DAEMON Tools Lite
2012-12-20 14:10 . 2012-12-20 14:10	--------	d-----w-	c:\program files\DAEMON Tools Lite
2012-12-20 14:10 . 2012-12-20 14:12	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-12-15 15:54 . 2012-12-15 16:19	--------	d-----w-	C:\Star Wars-The Old Republic
2012-12-15 15:54 . 2012-12-15 15:54	--------	d-----w-	c:\users\hedev
2012-12-11 19:29 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 07:39 . 2012-11-27 19:31	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-09-25 22:47 . 2012-11-15 18:01	78336	----a-w-	c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-20 19:35	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-07 23:12 . 2012-10-12 18:28	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-06-22 2478080]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 12:21	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-11-02 16:50	127040	----a-w-	c:\program files\ICQ7.6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50	4280184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-06-11 13:00	641704	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\5ekj4yop.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1877026290-1340578905-802739823-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23  15:36:28
ComboFix-quarantined-files.txt  2012-12-23 14:36
.
Vor Suchlauf: 9 Verzeichnis(se), 162.035.388.416 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 165.672.513.536 Bytes frei
.
- - End Of File - - CC329792D0F1D88B379F9DD903F373D5
         
--- --- ---

Alt 27.12.2012, 01:09   #8
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



die page ist zwischenzeitig wieder aufgetaucht und bin wieder nach

Reveton.C (GVU-Trojaner mit Webcam) entfernen (Vista/Win7) | Evild3ad

vorgegangen...

Reveton.C (GVU-Trojaner mit Webcam) entfernen (Vista/Win7) | Evild3ad

keine ahnung warum ich hier nicht den link einfach posten kann, aber hatte den ja auch im ersten beitrag angegeben...

seit dem geht das inet wieder...

hoffe auf eine baldige lösung

Alt 27.12.2012, 16:55   #9
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Surfe nicht im Netz, außer auf von mir genannten seiten.
Finger weg von illegalem mist, wie kinox.to das sind Malwareschläudern.

Poste bitte ein neues otl log
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.12.2012, 15:18   #10
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.12.2012 15:00:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alice\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,37% Memory free
6,00 Gb Paging File | 4,85 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 151,09 Gb Free Space | 58,79% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,19 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
 
Computer Name: BUNSE | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 21:35:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:00:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.07 15:55:40 | 001,797,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.22 14:07:46 | 002,478,080 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2010.06.08 21:52:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.08 00:12:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 12:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.05.08 21:00:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Disabled | Stopped] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.05.08 21:00:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:00:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {84965E3F-D633-47BA-B913-9A0B223490E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{84965E3F-D633-47BA-B913-9A0B223490E8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.20 20:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.25 12:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 12:51:11 | 000,000,000 | ---D | M]
 
[2010.08.03 13:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Extensions
[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions
[2012.07.25 08:26:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.11.06 18:17:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.26 02:59:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@conduit.com
[2011.07.07 12:44:06 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\engine@plasmoo.com
[2010.10.17 12:59:56 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alice\AppData\Roaming\mozilla\Firefox\Profiles\5ekj4yop.default\extensions\vshare@toolbar
[2011.08.14 17:01:25 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2011.03.05 15:04:57 | 000,000,873 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\conduit.xml
[2012.12.25 16:17:27 | 000,001,056 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\icqplugin.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\5ekj4yop.default\searchplugins\plasmoo.xml
[2012.10.12 19:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.08 00:12:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.12 17:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 20:47:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 17:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 17:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 17:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 17:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3419D85-E322-4433-9B6A-C9BB26D39093}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Alice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 14:54:23 | 000,000,000 | ---D | C] -- C:\Users\Alice\Desktop\alt
[2012.12.25 13:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.25 13:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.25 12:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.25 12:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.12.25 12:42:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.23 15:36:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 15:01:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 15:00:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.21 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.12.21 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.12.21 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2012.12.20 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.20 23:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.20 17:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2012.12.20 16:31:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.20 15:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.12.20 15:10:38 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.12.20 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite
[2012.12.20 15:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.12.20 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.12.15 16:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.12.15 16:54:59 | 000,000,000 | ---D | C] -- C:\Star Wars-The Old Republic
[2012.12.13 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\{0713CD0A-E4E0-4A94-8286-FEBC7F98148C}
[2012.01.01 18:42:16 | 000,021,504 | ---- | C] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 15:04:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 15:04:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 15:02:08 | 000,680,058 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.28 15:02:08 | 000,629,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.28 15:02:08 | 000,115,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.28 15:02:07 | 000,139,880 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.28 14:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 14:56:45 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 13:24:01 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.21 19:52:16 | 000,001,071 | ---- | M] () -- C:\Users\Alice\Desktop\OpenVPN GUI.lnk
[2012.12.21 19:40:25 | 000,333,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.20 17:33:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alice\Desktop\OTL.exe
[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Alice\DAEMON Tools Lite.lnk
[2012.12.20 15:10:38 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.12.20 14:50:14 | 381,210,453 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.25 13:24:01 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.21 19:52:16 | 000,001,071 | ---- | C] () -- C:\Users\Alice\Desktop\OpenVPN GUI.lnk
[2012.12.20 15:11:38 | 000,001,900 | ---- | C] () -- C:\Users\Alice\DAEMON Tools Lite.lnk
[2012.12.15 16:55:02 | 000,000,736 | ---- | C] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[2012.09.05 09:41:32 | 000,000,224 | ---- | C] () -- C:\Users\Alice\AppData\Roaming\wklnhst.dat
[2012.09.02 09:20:55 | 000,000,908 | ---- | C] () -- C:\Users\Alice\World of Warcraft.lnk
[2012.07.23 09:24:59 | 000,001,993 | ---- | C] () -- C:\Users\Alice\Adobe Reader X.lnk
[2012.06.11 12:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.14 17:52:46 | 000,000,941 | ---- | C] () -- C:\Users\Alice\Diablo III.lnk
[2012.04.14 11:54:47 | 000,000,366 | ---- | C] () -- C:\Users\Alice\WoW.lnk
[2012.04.08 12:27:50 | 000,002,187 | ---- | C] () -- C:\Users\Alice\AION.lnk
[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.17 21:59:32 | 000,000,093 | ---- | C] () -- C:\Users\Alice\AppData\Local\fusioncache.dat
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.14 19:59:13 | 000,001,055 | ---- | C] () -- C:\Users\Alice\PokerStars.net.lnk
[2012.01.01 18:42:16 | 002,076,309 | ---- | C] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe
[2012.01.01 18:42:16 | 000,570,073 | ---- | C] () -- C:\Users\Alice\AppData\Local\gui.exe
[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe
[2012.01.01 18:42:16 | 000,397,900 | ---- | C] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe
[2012.01.01 18:42:16 | 000,000,518 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_EN.url
[2012.01.01 18:42:16 | 000,000,240 | ---- | C] () -- C:\Users\Alice\AppData\Local\UPDATE.url
[2012.01.01 18:42:16 | 000,000,216 | ---- | C] () -- C:\Users\Alice\AppData\Local\UNAWAVE_GER.url
[2012.01.01 17:52:31 | 000,007,597 | ---- | C] () -- C:\Users\Alice\AppData\Local\Resmon.ResmonCfg
[2011.12.25 03:21:52 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies.lnk
[2011.12.25 03:21:37 | 000,001,086 | ---- | C] () -- C:\Users\Alice\DivX Plus Player.lnk
[2011.10.18 18:02:10 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.10.06 20:35:16 | 000,411,744 | ---- | C] () -- C:\Users\Alice\Dok1.odt
[2011.10.03 14:28:23 | 000,001,586 | ---- | C] () -- C:\Users\Alice\DivX Movies (2).lnk
[2011.08.13 11:03:20 | 000,001,360 | ---- | C] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk
[2011.08.13 11:03:20 | 000,001,257 | ---- | C] () -- C:\Users\Alice\Free Audio CD Burner.lnk
[2011.08.13 11:03:20 | 000,001,201 | ---- | C] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk
[2011.08.13 10:57:52 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.05 13:36:29 | 000,002,066 | ---- | C] () -- C:\Users\Alice\DivX Plus Converter.lnk
[2011.01.28 21:45:56 | 000,001,085 | ---- | C] () -- C:\Users\Alice\Audiograbber.lnk
[2011.01.15 16:53:50 | 000,000,550 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.08.28 16:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.23 03:04:00 | 000,002,690 | ---- | C] () -- C:\Users\Alice\Medion MediaPack.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.20 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DAEMON Tools Lite
[2012.10.05 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Dropbox
[2012.11.03 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\DVDVideoSoft
[2010.10.02 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Electronic Arts
[2012.10.19 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\ICQ
[2011.11.15 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Mumble
[2012.10.20 12:22:11 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\SoftGrid Client
[2012.09.05 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\Template
[2011.05.17 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TP
[2012.11.06 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Alice\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.23 16:02:07 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.04.22 10:28:19 | 000,000,000 | ---D | M] -- C:\AMD
[2012.12.25 13:53:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.05.14 18:15:20 | 000,000,000 | ---D | M] -- C:\Diablo 3
[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.20 16:41:42 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.25 13:20:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.27 01:03:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.03 10:25:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.23 15:36:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.08.03 10:25:53 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.12.15 17:19:24 | 000,000,000 | ---D | M] -- C:\Star Wars-The Old Republic
[2012.12.28 15:03:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.23 16:01:58 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.25 14:07:22 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.01 15:05:59 | 000,000,000 | ---D | M] -- C:\World of Warcraft
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_EN.exe
[2012.01.01 18:51:28 | 000,397,900 | ---- | M] () -- C:\Users\Alice\AppData\Local\4GB_GER.exe
[2012.01.01 18:51:28 | 000,570,073 | ---- | M] () -- C:\Users\Alice\AppData\Local\gui.exe
[2012.01.01 18:51:28 | 002,076,309 | ---- | M] () -- C:\Users\Alice\AppData\Local\ntkrlICE.exe
[2012.01.01 18:51:28 | 000,021,504 | ---- | M] (deepxw) -- C:\Users\Alice\AppData\Local\Wtrmrk.exe
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2012.07.23 09:24:59 | 000,001,993 | ---- | M] () -- C:\Users\Alice\Adobe Reader X.lnk
[2012.04.08 12:27:50 | 000,002,187 | ---- | M] () -- C:\Users\Alice\AION.lnk
[2012.02.27 16:49:40 | 000,000,016 | ---- | M] () -- C:\Users\Alice\andre.txt
[2011.01.28 21:45:56 | 000,001,085 | ---- | M] () -- C:\Users\Alice\Audiograbber.lnk
[2012.12.20 15:11:38 | 000,001,900 | ---- | M] () -- C:\Users\Alice\DAEMON Tools Lite.lnk
[2012.05.14 18:15:23 | 000,000,941 | ---- | M] () -- C:\Users\Alice\Diablo III.lnk
[2011.10.03 14:28:23 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies (2).lnk
[2011.12.25 03:21:52 | 000,001,586 | ---- | M] () -- C:\Users\Alice\DivX Movies.lnk
[2011.04.05 13:36:29 | 000,002,066 | ---- | M] () -- C:\Users\Alice\DivX Plus Converter.lnk
[2011.12.25 03:21:37 | 000,001,086 | ---- | M] () -- C:\Users\Alice\DivX Plus Player.lnk
[2011.10.06 20:35:23 | 000,411,744 | ---- | M] () -- C:\Users\Alice\Dok1.odt
[2011.08.13 11:03:20 | 000,001,201 | ---- | M] () -- C:\Users\Alice\DVDVideoSoft Free Studio.lnk
[2011.08.13 11:03:20 | 000,001,257 | ---- | M] () -- C:\Users\Alice\Free Audio CD Burner.lnk
[2011.08.13 11:03:20 | 000,001,360 | ---- | M] () -- C:\Users\Alice\Free YouTube to MP3 Converter.lnk
[2010.06.23 03:05:13 | 000,002,690 | ---- | M] () -- C:\Users\Alice\Medion MediaPack.lnk
[2012.12.28 15:10:35 | 002,359,296 | -HS- | M] () -- C:\Users\Alice\ntuser.dat
[2012.12.28 15:10:35 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG1
[2012.11.19 17:15:59 | 000,262,144 | -HS- | M] () -- C:\Users\Alice\ntuser.dat.LOG2
[2010.08.03 10:26:32 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.03 10:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.08.29 18:10:34 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TM.blf
[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2012.08.29 18:10:34 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{b638a02c-f1f4-11e1-8a5c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2011.04.11 16:15:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TM.blf
[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2011.04.11 16:15:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{bf7a6eef-643f-11e0-b7b9-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2012.09.05 16:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TM.blf
[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2012.09.05 16:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{c76e392b-f72d-11e1-841c-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2012.12.25 13:52:46 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TM.blf
[2012.12.25 13:52:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2012.12.25 13:52:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{da759d90-4d11-11e2-8bd4-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2011.11.03 16:37:13 | 000,065,536 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TM.blf
[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000001.regtrans-ms
[2011.11.03 16:37:13 | 000,524,288 | -HS- | M] () -- C:\Users\Alice\ntuser.dat{fac46e5f-0613-11e1-be1f-406186af99e2}.TMContainer00000000000000000002.regtrans-ms
[2010.08.03 10:26:33 | 000,000,020 | -HS- | M] () -- C:\Users\Alice\ntuser.ini
[2012.01.14 19:59:13 | 000,001,055 | ---- | M] () -- C:\Users\Alice\PokerStars.net.lnk
[2012.12.15 16:55:02 | 000,000,736 | ---- | M] () -- C:\Users\Alice\Star Wars - The Old Republic.lnk
[2012.04.21 18:20:47 | 000,035,328 | -HS- | M] () -- C:\Users\Alice\Thumbs.db
[2012.09.02 09:21:25 | 000,000,908 | ---- | M] () -- C:\Users\Alice\World of Warcraft.lnk
[2012.04.14 11:54:47 | 000,000,366 | ---- | M] () -- C:\Users\Alice\WoW.lnk
[2012.04.14 16:47:14 | 000,000,016 | ---- | M] () -- C:\Users\Alice\Zuhause.txt
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Alt 28.12.2012, 16:42   #11
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Update bitte Malwarebytes und füre einen vollständigen Scan aus, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 23:18   #12
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.03.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alice :: BUNSE [Administrator]

03.01.2013 22:56:10
mbam-log-2013-01-03 (22-56-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216345
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-1877026290-1340578905-802739823-1000\$RDN18P9.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-1877026290-1340578905-802739823-1000\$RZT6YIJ.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 03.01.2013, 23:48   #13
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



edit:
pm gesehen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.01.2013, 02:33   #14
cwalk
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.03.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alice :: BUNSE [Administrator]

03.01.2013 23:05:12
mbam-log-2013-01-03 (23-05-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354725
Laufzeit: 1 Stunde(n), 8 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-2af77f77 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-7e201fa2 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 05.01.2013, 18:20   #15
markusg
/// Malware-holic
 
GVU mit CAM auf Kinox.to - Standard

GVU mit CAM auf Kinox.to



Hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU mit CAM auf Kinox.to
aktive, bilder, computer, countdown, dateien, dateien gelöscht, down, firefox, funktioniert, gelöscht, gen, gesperrt, internetverbindung, kein plan, mozilla, natürlich, plötzlich, scan, schonmal, seite, sperre, sperren, surfen, systemwiederherstellung, taskmanager, verbindung




Ähnliche Themen: GVU mit CAM auf Kinox.to


  1. kinox.to download geklickt und nun kommen Werbeeinblendungen und Warnhinweise in Massen
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (8)
  2. Polizei Popup bei Kinox, Zahlung innerhalb 46h, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 05.06.2014 (11)
  3. Nach Kinox-Nutzung Weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (13)
  4. GVU-Trojaner Win7 Bootcampt vermutlich von kinox.to
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (10)
  5. Problem mit "PC Sperrung" durch Besuch auf Kinox.to
    Log-Analyse und Auswertung - 13.03.2013 (13)
  6. Nach starten des Browsers öffnet sich GVU-Trojaner (nach kinox.to Besuch)
    Log-Analyse und Auswertung - 03.03.2013 (2)
  7. Virus/Trojaner, GVU, 100 Euro, Paysafe Card, Strafe, Kinox To
    Log-Analyse und Auswertung - 23.02.2013 (12)
  8. Virus über Kinox.to, Bundesministerium
    Log-Analyse und Auswertung - 28.12.2012 (1)
  9. kinox.to GVU Trojaner - Win7 mit Updates, Firefox + Avast!
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (9)
  10. GVU Trojaner Kinox (win7)
    Plagegeister aller Art und deren Bekämpfung - 22.12.2012 (1)
  11. Kinox.to Virus
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (11)
  12. Gvu Trojaner Webcam kinox.to
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (7)
  13. Kinox.to GVU Zahlungsmeldung ?Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (25)
  14. Ukash bei Kinox eingefangen, Wiederherstellungspunkt erstellt - ist das System sauber ?
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (9)
  15. Kinox.to BKA Virus. Was nun?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  16. Kinox.to "GEMA"-Virus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  17. Trojaner von der Seite kinox.to
    Log-Analyse und Auswertung - 10.10.2011 (7)

Zum Thema GVU mit CAM auf Kinox.to - Hi, war am surfen als plötzlich sich ne Seite öffnete mit "Ihr Computer ist gesperrt", Strafverfolgungen nach mehreren Paragraphen und einem Countdown für nen "Paysafekonto" von 100 € einschließlich meiner - GVU mit CAM auf Kinox.to...
Archiv
Du betrachtest: GVU mit CAM auf Kinox.to auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.