Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: gvu trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.01.2013, 17:44   #1
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



hallo trojanerboarder,
seit mein kleiner bruder heute mittag an meinem pc war habe ich den gvu trojaner, ich schätze das er trotz warnung durch antivir eine unsicher seite betreten hat.
ich weiß das, das thema hier schon öfter gepostet wurde, dennoch poste ich nochmal, da die problembehandlung vielleicht von computer zu computer unterschiedlich ist.

Alt 09.01.2013, 17:51   #2
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



Hi,
das ist sie :-)
Starte neu, drücke f8 wähle abgesicherter Modus mit Netzwerk, melde dich im betroffenen Konto an.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 09.01.2013, 19:19   #3
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



Extras
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.01.2013 18:04:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,90 Gb Available Physical Memory | 86,25% Memory free
16,00 Gb Paging File | 14,99 Gb Available in Paging File | 93,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,46 Gb Total Space | 519,46 Gb Free Space | 56,43% Space Free | Partition Type: NTFS
Drive D: | 317,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,20 Gb Total Space | 4,53 Gb Free Space | 62,83% Space Free | Partition Type: FAT32
 
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D986CB1-4A55-4C72-94B4-1BCA1893FA3B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{134B579F-69E4-4C21-BA06-2CCB5C2919B0}" = lport=57319 | protocol=17 | dir=in | name=pando media booster | 
"{1E3F4A44-F6F1-4F61-AEB5-9FEEA9FB9F96}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E0E1A7E-1D35-40A0-A095-9406B5467DA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FCB76AE-7C5E-4E28-9DFD-3713A512A9D0}" = lport=57319 | protocol=6 | dir=in | name=pando media booster | 
"{34873D58-8A05-48E6-987D-B6371F7DEAAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39BC66D2-3CF1-441D-AE3B-128AF3F526D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{39EF0C12-77C1-4820-8620-07261C963736}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50E7E038-EEEB-46F1-861C-367F01F05306}" = lport=57319 | protocol=17 | dir=in | name=pando media booster | 
"{55C8331C-1BB1-4762-A6CE-446EF34D2245}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{65B6977D-0E58-4452-B855-EDBBA14198B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{732C9160-32C7-40E0-8AB2-BEA7B581BDEF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{843B743B-1E99-4273-9C4C-BB4235382603}" = rport=139 | protocol=6 | dir=out | app=system | 
"{97D6F5AF-0DE1-412B-A4EA-F0CEF81C5682}" = lport=57319 | protocol=6 | dir=in | name=pando media booster | 
"{9981A4DC-6C0D-4974-AB3A-64C66BA140E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BB5F0FD-6346-4C48-B2BB-CC7D043FBDFA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9EAD1AA0-1F41-4BC1-BE54-6F7AE0EC6070}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AAD6A7AB-0745-4461-A0EE-14A74E082773}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ADB63C0D-81F3-43CA-BB48-90A7D606774A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B1BD942E-C7E2-4771-BACC-77F50C7DCF8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2D80560-B86B-4F69-BF0E-2E5F13FA7BB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3F3ED58-742B-4E20-B462-DE552BAE4F87}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{B57F4F91-7C6E-4279-B80B-1FCBA9424D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC2AAAE4-4297-4CA5-B0EF-340990131911}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C1F922D0-86C6-4647-8154-BEF0DF559021}" = lport=443 | protocol=6 | dir=in | name=443 | 
"{CDD31A7F-3175-46C1-B532-278AA46D5F5F}" = lport=3306 | protocol=6 | dir=in | name=3306 | 
"{DDEE2770-2C1E-40EB-BFFF-2E237623C370}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1863504-A4D4-4557-A991-D0D521FA5520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F945BC69-E4C4-404A-BC99-FB65A6F5DF7F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FBB4C268-D47E-4CC7-B357-34531BBD14B0}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000D9AB6-800B-4C47-8031-19AE2E7181D0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{060A59C6-68EF-4A35-B8C4-5718392DD1E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{084D39E4-BB2C-4BCD-9933-D2DF721265B0}" = protocol=17 | dir=in | app=e:\metin3\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{09575595-1550-4AA6-9FB0-97E98BF9B926}" = protocol=6 | dir=in | app=e:\metin3\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{096D370F-A48B-40E7-B56F-F9487DD7D071}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{0A79F066-6551-4916-8454-AB96C3283A6A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0AE52BAA-962E-4696-9376-B051E54BF95B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{0B23355D-926B-4430-AB76-CAA6574BBDFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{1045AB8A-6221-4035-934C-C65F409D8CED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{1077E0BD-E2C5-433C-A7E9-A13D62D3CC2C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{11AFB9EF-B05F-4534-9744-3310CC2E7D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{13B1617E-A5C5-4F26-BB07-755CE29C10CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | 
"{14E13BE1-8464-446E-BD29-724D5F1E8C59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{1783D224-9D55-456F-B83A-7EA96955367C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{1B449CDF-20C6-4652-B143-35ACF7BAD826}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{1C383FD3-1F07-4F27-824A-8260EB31DAED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1EC4F4FC-E02A-4DB4-A68D-550933840580}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{1EEAFA1C-6EF4-4D04-97A8-1EB01C31E485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20CFD2FF-188C-4102-AC27-1CD6BE3C5F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{236A0228-911E-41BC-AE1F-4F7C3717D90C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{23A34253-F9FD-43B7-B34F-8D246790D95A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{23F577C3-EC0D-47AB-AD4A-CF4B93D7C996}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{249B22EF-BF91-4A45-BC9D-01B29A78897B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26EFC3E2-1D3D-45EA-BD5B-0B7FF6E04493}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2764D2A3-C3BA-48D4-BA1C-7B381C147EC1}" = protocol=6 | dir=out | app=system | 
"{276B5AA2-1554-4074-B7AF-C45D3F78502C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{28FB9322-51FF-42E7-9B20-06F344ED0C1F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2D312A1A-9FFA-4D5E-AE05-920B62EB678B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{2D768E10-2FC8-4627-B14F-EE918BB35236}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{2E738CBE-9453-41D5-909F-3C0F0AE725C0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{3112F697-3CF3-4480-AE4F-F06843232F6A}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{32B862B0-D448-4532-BA89-223608781D02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{34C19ECB-A6DF-4C8D-8B08-553210331D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{36A30F10-D32A-4917-B366-B538E128258A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36B02B2F-6E86-45F9-80A3-752B8E081B91}" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{3824EF36-8608-4AE5-987E-96798251ABB0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{3B327C8B-6587-4717-AD4D-95215C4BA556}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F125A0A-1A2E-4FDF-B80B-67BDC62A4C29}" = protocol=17 | dir=in | app=e:\wow\world of warcraft\launcher.patch.exe | 
"{449304AF-D181-4AFF-8885-428CEFE81A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{45C9930F-279F-4F1E-AA60-A178A4DBED6E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{473622FB-3280-4BD0-A7DB-BE5C4867B900}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{475D223F-8BC6-462E-864F-C81F9152B064}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{48A4C84E-17AF-49E7-86C1-C3BA6600396E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{491CF325-F48B-471A-B3BA-9AAF6AFD5961}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4970008D-172C-493A-A5B3-82C1FC1D7FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\day of defeat source\hl2.exe | 
"{49A7DF7F-1582-4A99-BE4E-6627F85CADF9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{4ABEA7D8-0710-4D14-865B-7C0B8C6D31FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{4B5F13DE-6CAB-42A1-BA1F-FFCB9AE29619}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{4BF6DA9E-E6EB-4BEB-92F5-32673CB19E06}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4D85726D-DE59-43C4-BE1F-B726B0CAA657}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{503B0925-09AB-431B-B5B5-E986DFD3D7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{52ADA309-A6D9-4BD8-A0F3-BAC4FF11F704}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{54773800-4DC7-4D0C-BA9F-C2D02A6AEA74}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{54D5F240-3C1B-4BE5-A98A-C73C15750562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5558EDFB-A8D1-4686-AA0E-087156B5FBEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{5DE6303A-25C3-4B14-9907-CCFDEEA9ECF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{60072B4B-1CC9-4198-BFFC-B6118E796B00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60421D01-2D89-4273-9B0E-1C305387F948}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{62F303CF-F4C3-4CC3-9F3F-56F65C6B748A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{63838C9A-088A-44F3-A3BD-966A1AAC1523}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6A6A9E96-AB53-4476-A84F-6A573A8A29FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6BB70373-5196-4591-8FEB-CE47B06D874B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{6E72BEA6-8441-4CD8-9B22-9088925B57F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{6EE29B42-2FE3-477F-B2C5-05818DE5E9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{6FE528A3-82EE-40D8-84E8-4510E093F6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{718F4869-7D01-478A-8385-BF5EDD1B4C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{72A2B003-4998-4016-B9AA-7DA50B88FD73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{73B3774F-6A0A-40F6-B9B0-7D19FA95075A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{73FE430B-D160-401E-9EED-F74B5109974E}" = protocol=6 | dir=in | app=e:\wow\world of warcraft\launcher.patch.exe | 
"{7461D1E8-E93A-405E-B62C-E4DFB21E2AFD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{79D00943-51BF-4D6D-B245-D00423DD62FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{7AA3CF9E-3A59-4715-A98D-4291569C3C5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7B30D3FB-3994-403D-B237-0BC89558F980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DEFD469-86DA-4C4E-8998-FFD78B2DA54F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{7EF2EB39-08D3-4517-9D21-54AAD0E23E27}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7EF56C6A-BCF1-4BA9-8A03-68584DE8C0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{7FC2DFB4-F43F-490C-8512-F3A2465790A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{833E4603-94F8-40FD-B11C-0EC06CAEB84E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe | 
"{841C8217-4E4A-40C0-8C06-0BCAF215396C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{84C82471-5EDE-41C2-93F4-46D7A0B97EA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{857B879F-F7EC-4F5A-9737-C0BE2FDF1AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{85842104-2630-4FA4-8144-F2AFDF6C18FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8765698F-0352-47D9-8718-2ECB004BEE92}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{8C24F6F4-FF74-4FB8-83CC-7217ECBCC671}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{8CB16B44-0D9B-4613-824E-028CCE4EB3E2}" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"{90FDEEC1-3D5A-4FEA-A1EC-F71B3D79953E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{973C5214-6B5A-4670-B251-2435E1BE9C0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{97CF88A8-A303-481A-8EEE-CD23CE910B27}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{98828F38-EFE5-42F1-966E-EA8F46113E55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{98BC7CC8-6B1D-4919-9A44-8DEC24F847C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{9C21039D-436D-4610-90D3-F963FD4B4E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{A07C3434-A97A-4CF3-8D0A-1388079A07E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{A28F0182-3111-46FF-A4A5-3FBD5076CA37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe | 
"{A305874F-8167-43CB-B6E3-4A9D2627257E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{A5CE460F-E37E-48C7-B64A-C353FFC8A50C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{A6971B90-CB3D-46D8-900F-EBEBC1268374}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{A746A449-C17F-4BE6-9B2E-E58690F58B83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A79840B4-20B9-483F-BA9F-86D269B3DE9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{A8544C09-3216-439C-9299-85F14D932D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{A9710EC6-A689-4664-BCDF-04F5004A54A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{AC132696-5866-455B-A7A7-0D02423534C4}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{ADEA423A-E2D1-425D-B4B3-6E0942016A1C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B12BDB03-E9FF-4664-A063-815B6647AD7D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{B1A525C6-A317-40D2-A65F-EBFAAE6C6EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{B321D619-0405-4387-A300-9099BAB8A8FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{B3946261-59AB-49F9-944D-7A2AFCFB8D49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe | 
"{B469BC91-0DD8-43B9-A332-B8854C31A43C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{B56604FC-3D62-424F-820B-1A7B1D836A17}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{B5FAA1FD-ABD8-4635-BC38-A4570AFD064D}" = dir=in | app=%systemroot%\installer\{2d8ced57-ccdb-4d86-9087-3bbcae8f8f22}\_985d6477562748cf925ef89f3e038bd3.exe | 
"{B6D01B11-FCF7-4515-A459-F4618FF5FF13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{BFCCB490-9174-4375-9F6C-22101BA56D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{C402D232-0CCC-48F1-BE16-B9B235EDE5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{C430E905-C806-4F81-9793-326ACEA046B3}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{C5CB0AD6-C454-4CF9-AB46-EDBF3294BB77}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{C7C729C0-56FA-4C9D-8C16-4ACF8FBFD6F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{C99B728A-A905-4460-9CEE-07C99ED442A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{CAABC203-F29C-459F-A8E3-3A06A55B32AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{CC9549C2-FC14-4448-884F-FA2C22866F15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CFC93ABD-CF3C-4DC0-BC68-486A99830136}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{CFE4CB5B-D0F1-441D-B1CD-E1D4960F9036}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D0771CC6-DF37-42AC-90A5-C7030CB9D211}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{D26F3CC6-9C93-4554-B5A3-89D0BCEEC85B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D61A65DF-A7F6-46DB-9DFB-E09FDA64BAD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\day of defeat source\hl2.exe | 
"{D6D9F650-0892-41FD-B55E-0691ECC22A73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{D7F88F0E-85A7-462B-8BB2-F4765810F2B4}" = dir=in | app=%programfiles% (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{D8F66050-07D2-4AFE-9B13-A135F9482636}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{D9E36035-58E2-4D74-94A8-90C550B18291}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DF6768D1-2CED-48DF-8DAD-85F069801A74}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E62940BA-C6B7-46D2-817F-B13B1E859B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{E6B49A32-AF29-4389-B0FE-3DB28702D672}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{E7F338D0-8E29-423B-AF30-3E57D28479F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{E81144F0-C973-4A75-85EA-02E58950E24E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EBA89D19-0150-4A97-A09C-34990C5AC631}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{EBD40E94-C228-4A73-9E4B-4CDA6059C8DA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{EC04B6AE-3C3F-49E6-97F3-A771E67F242A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{F2AE497B-E76F-4F98-BB6C-091345CFA482}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{F379DCA0-4A54-40FF-BCB2-33D1AC714E5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{F43A673D-742F-44FE-B671-0F431E3294B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{F917579F-FB7E-4544-BBAA-51C5DC3F7F71}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FA0D85D9-5207-4D66-B584-6547C766E420}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{FAF4CAEE-BFC7-4839-B6D5-8EC0014E8F79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FD138B77-2494-4291-BB08-68E56CA1D72E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"TCP Query User{070D0FE1-9F1F-4A05-9B57-7C18CD71B468}C:\users\sebastian\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{0DC3D927-C6B1-4BCD-B7B2-3BA6EB4A7BEA}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{0FE54117-E04A-448F-B693-A562C565B1FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1675D609-8FF8-4455-B75F-F0A616ED3BFD}C:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{1BCBEA8A-AE0C-42D7-83FE-7D55976859D5}C:\users\sebastian\desktop\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\spiele\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{1E9CB4B7-3CCA-431A-9E08-173CA54CEEBA}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{2221AB43-D1A3-4272-B733-747B6CA8FAAE}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{27AC80B2-39DE-4F32-87E6-39C6C081FD02}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{3A0223C8-2852-4AD9-A4F8-AD34DC2F1665}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{3FF26E81-20F1-4D6B-B7C5-E513ED816BF8}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{483237FB-7FB1-478A-822B-40F6F92D41AE}C:\users\sebastian\desktop\spiele\wot\worldoftanks.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\spiele\wot\worldoftanks.exe | 
"TCP Query User{488FA3F2-8863-499C-A4C6-35CE39CA043B}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{498C968F-B447-48A2-BD39-22777BB85F78}C:\users\sebastian\desktop\novo-world\metin2.bin" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\novo-world\metin2.bin | 
"TCP Query User{5408CB4B-A4A3-4165-A3A2-F766AF529263}C:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe | 
"TCP Query User{6771CD80-E7AA-4383-A90F-44B846A11073}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{84DD3B73-5B06-45B2-A1BF-CAB17CED8CFE}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{889C2230-DA3C-4C06-AFE3-6CA0935FDAB7}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{97E03BF8-31F4-424D-9FE1-C4CA939C7972}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{9A71444A-5E6E-4533-BF28-C0985D647B72}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"TCP Query User{9E6A9ABB-3AD2-4D7B-B958-C740D035D802}C:\users\sebastian\desktop\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\metin2\metin2client.bin | 
"TCP Query User{AF40B8C5-CC77-48E5-A923-0F3CAADD045F}C:\users\sebastian\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\guild wars 2\gw2.exe | 
"TCP Query User{BBACD929-421C-41FC-94CE-A5A37AA51314}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp | 
"TCP Query User{C03DC8EA-2DD0-4962-999E-CB1D492FA363}I:\metin p sever - kopie\germanserver3.exe" = protocol=6 | dir=in | app=i:\metin p sever - kopie\germanserver3.exe | 
"TCP Query User{C651AED9-79EE-4272-A105-B7A7F1900621}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"TCP Query User{D740D01A-3BDF-4D1C-B4EF-33F91C5E116D}C:\users\sebastian\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\temp\gw2.exe | 
"TCP Query User{DFAE8928-9161-4BB8-81F5-0F83156E1069}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{E40EC887-ED77-401E-9BDC-BDC3716F28D6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{ED16E63A-6E00-40B3-9251-549CA094468D}K:\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=k:\battlefield 2\bf2.exe | 
"TCP Query User{F058F34F-FF29-4D25-A169-8DF5AF2A794D}C:\users\sebastian\desktop\spiele\wot\wotlauncher.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\spiele\wot\wotlauncher.exe | 
"TCP Query User{F209CF96-8719-450D-8A19-0D5785584667}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{F57149C6-B5E2-47DA-BA01-5A6CE1996D3D}C:\program files (x86)\electronic arts\battlefield bad company 2\bad company 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bad company 2.exe | 
"UDP Query User{02F3A65E-14FC-4C35-9A65-6146000E0F3F}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"UDP Query User{04EF0B9D-2A89-4A0F-9890-CA436D6DE205}C:\users\sebastian\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\guild wars 2\gw2.exe | 
"UDP Query User{05B9F8DC-4540-4617-B64B-3827AE1B192A}C:\program files (x86)\electronic arts\battlefield bad company 2\bad company 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bad company 2.exe | 
"UDP Query User{074928CD-CBFD-4173-B396-7F30BECFCC4F}E:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{0A617D55-3C0A-415B-A6AD-5B5081EC843A}C:\users\sebastian\desktop\novo-world\metin2.bin" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\novo-world\metin2.bin | 
"UDP Query User{10A5D3EC-899C-4B3C-A0DB-C035377787AC}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{122FDAE8-DAE5-4918-BA21-B3A15ED5EEBE}C:\users\sebastian\desktop\spiele\wot\wotlauncher.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\spiele\wot\wotlauncher.exe | 
"UDP Query User{13BD13BD-BBE0-4F37-8EB0-682F31D79549}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{15073271-0836-4036-8EEC-77AED62CAC9F}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{1A1D0ABA-9378-4076-A0F7-06D1C339710A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{23ACAC13-115D-45E2-9E7A-A6D489EEDF1F}C:\users\sebastian\desktop\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\spiele\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{2BAE76A2-AB2B-41CB-90D0-3E0C78CD9422}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{44E4C33D-6DA7-4BDD-9B64-88E596917C0E}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"UDP Query User{59280002-35BD-4BB0-9A23-5B1B2B2C7906}C:\program files (x86)\guild wars 2\gw2.tmp" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.tmp | 
"UDP Query User{695DC094-497E-49A2-9147-CD9A8B40BCA6}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{6A181A9F-F531-4583-A0D0-F38819F338C0}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{6EB6B6DF-5393-4B91-81F0-7C16426F6690}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{720B5E9F-071E-4BDB-ACAF-2D812C979900}C:\users\sebastian\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{746EF18A-9ED3-41DE-8613-0612C7BF5913}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{77022B3B-6A5C-4D0D-A6C8-B656D8AF2366}C:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{7A3916CE-D70A-4633-9F88-8CEE66E4976A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{9AF5DA22-FA72-4715-94DD-DA2943816EAA}C:\users\sebastian\desktop\spiele\wot\worldoftanks.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\spiele\wot\worldoftanks.exe | 
"UDP Query User{9D01CA0A-4A03-475D-9C19-E652F8A64EED}K:\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=k:\battlefield 2\bf2.exe | 
"UDP Query User{9D6CEC3B-9F8A-480E-9181-2F6DC484F03E}C:\users\sebastian\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\temp\gw2.exe | 
"UDP Query User{AF81C354-36B6-421E-BBAD-DCD65141FC41}C:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marmeladelow\counter-strike source\hl2.exe | 
"UDP Query User{B385CEE9-0E6C-48D2-A898-E9DF4A25596F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{BCF8F6C3-5AD6-4527-957E-A317D7EE5DFC}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{C05B6205-B2CB-48E8-B969-12B328C350E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C64DFD46-C410-44E2-A533-97396842427A}I:\metin p sever - kopie\germanserver3.exe" = protocol=17 | dir=in | app=i:\metin p sever - kopie\germanserver3.exe | 
"UDP Query User{F6060211-7234-4D6D-B2FE-F04BE820072F}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{F947D15E-E4F8-4046-B0A0-61CF10E989FD}C:\users\sebastian\desktop\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\metin2\metin2client.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01
"{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{0BD171A4-7DAC-A12B-14E3-E33DA0B6FE6A}" = CCC Help Finnish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
"{1D4BA420-070F-3F9B-4969-126689978A98}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3ED6B766-BDF2-F30F-F18E-16BA10ABA22A}" = CCC Help French
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
"{67686439-FBC8-4342-9748-D42BA10F7994}" = DayZ Commander
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A54BB79-658E-84A4-FBB7-93FD1EB20174}" = CCC Help Danish
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9C4FF3C-C5E5-07F7-AD5D-C26C2B41CFF3}" = CCC Help Dutch
"{ABA5FB59-633D-23B0-5841-D11A7B97C624}" = CCC Help Hungarian
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
"{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
"{B282CB34-95CC-06B2-DFBC-07617F722837}" = CCC Help Spanish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E342FAD9-ACA4-BE69-D78C-F26CDF6DC9DC}" = CCC Help Italian
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD5D44-EC2D-47FF-B451-6A6DA0B8AC60}" = Raumschiffe bauen mit Willy Werkel
"{ED9E5BCC-371A-5BE1-6DC6-CF7D8DC9A2B7}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF829AE4-69BB-F791-F3DF-C6CBF8942881}" = CCC Help Korean
"{EFF33410-5603-B27E-778A-7AB406C7A785}" = CCC Help Japanese
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
"{F3F8BEC4-1D0E-9E50-0AF6-54A16094C92E}" = CCC Help German
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
"{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AutoHotkey" = AutoHotkey 1.1.02.03
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"DVD Shrink_is1" = DVD Shrink 3.2
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"GameBoost_is1" = GameBoost
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"Klett Mathetrainer 6_is1" = Klett Mathetrainer 6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 12210" = Grand Theft Auto IV
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 205100" = Dishonored
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33910" = ARMA 2
"Steam App 400" = Portal
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 500" = Left 4 Dead
"Steam App 50300" = Spec Ops: The Line
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8980" = Borderlands
"Steam App 9480" = Saints Row 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-C:/Users/Sebastian/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2012 11:36:40 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Game.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x4580019b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051668  ID des fehlerhaften
 Prozesses: 0x11e0  Startzeit der fehlerhaften Anwendung: 0x01cde51120919606  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Game.dll  Berichtskennung:
 5f2119d2-5104-11e2-b326-00256489b9d5
 
Error - 28.12.2012 11:36:47 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Engine.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x45800062  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00395de7  ID des fehlerhaften
 Prozesses: 0x11e0  Startzeit der fehlerhaften Anwendung: 0x01cde51120919606  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Engine.dll  Berichtskennung:
 6339226a-5104-11e2-b326-00256489b9d5
 
Error - 28.12.2012 11:36:59 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Game.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x4580019b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051668  ID des fehlerhaften
 Prozesses: 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cde51107f2470a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Game.dll  Berichtskennung:
 6a59e282-5104-11e2-b326-00256489b9d5
 
Error - 28.12.2012 11:37:05 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Engine.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x45800062  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00395de7  ID des fehlerhaften
 Prozesses: 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cde51107f2470a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Engine.dll  Berichtskennung:
 6e2af601-5104-11e2-b326-00256489b9d5
 
Error - 31.12.2012 07:32:29 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x50c39964  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x4e0  Startzeit der fehlerhaften Anwendung: 0x01cde747146410b0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c21cf174-533d-11e2-b1e1-00256489b9d5
 
Error - 03.01.2013 06:41:02 | Computer Name = Sebastian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.01.2013 11:45:53 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x50c39964  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xb40  Startzeit der fehlerhaften Anwendung: 0x01cde9c95cf46af5  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a79e67a9-55bc-11e2-a88c-00256489b9d5
 
Error - 03.01.2013 12:02:12 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x50c39964  Name des fehlerhaften Moduls: igo32.dll, Version: 9.1.3.2637, Zeitstempel:
 0x50b64cff  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000f156  ID des fehlerhaften Prozesses:
 0x3cc  Startzeit der fehlerhaften Anwendung: 0x01cde9c98eb3b410  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin\igo32.dll  Berichtskennung: eeeff62a-55be-11e2-a88c-00256489b9d5
 
Error - 04.01.2013 07:40:45 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Game.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x4580019b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00051668  ID des fehlerhaften
 Prozesses: 0x9dc  Startzeit der fehlerhaften Anwendung: 0x01cdea7055264aea  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Game.dll  Berichtskennung:
 92fd0351-5663-11e2-a8cc-00256489b9d5
 
Error - 04.01.2013 07:40:47 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gothic3.exe, Version: 1.12.26364.0,
 Zeitstempel: 0x45800291  Name des fehlerhaften Moduls: Engine.dll, Version: 1.12.26364.0,
 Zeitstempel: 0x45800062  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00395de7  ID des fehlerhaften
 Prozesses: 0x9dc  Startzeit der fehlerhaften Anwendung: 0x01cdea7055264aea  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\JoWood\Gothic 3\gothic3.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\JoWood\Gothic 3\Engine.dll  Berichtskennung:
 94610558-5663-11e2-a8cc-00256489b9d5
 
Error - 07.01.2013 10:58:11 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 1.0.0.152 kann nicht mehr 
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ca4    Startzeit: 01cdece7460ff389    Endzeit: 5    Anwendungspfad: C:\Program
 Files (x86)\legende\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe    Berichts-ID: 8d6eb10c-58da-11e2-a2d9-00256489b9d5  
 
[ System Events ]
Error - 08.01.2013 12:23:17 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.01.2013 12:26:12 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.01.2013 12:26:15 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.01.2013 12:57:33 | Computer Name = Sebastian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 08.01.2013 12:57:35 | Computer Name = Sebastian-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.01.2013 12:57:35 | Computer Name = Sebastian-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.01.2013 12:57:34 | Computer Name = Sebastian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 08.01.2013 12:57:35 | Computer Name = Sebastian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 08.01.2013 12:57:35 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.01.2013 13:00:41 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
__________________

Alt 09.01.2013, 19:22   #4
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.01.2013 18:04:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,90 Gb Available Physical Memory | 86,25% Memory free
16,00 Gb Paging File | 14,99 Gb Available in Paging File | 93,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,46 Gb Total Space | 519,46 Gb Free Space | 56,43% Space Free | Partition Type: NTFS
Drive D: | 317,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,20 Gb Total Space | 4,53 Gb Free Space | 62,83% Space Free | Partition Type: FAT32
 
Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.09 17:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.02.11 23:46:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.11.28 15:51:42 | 001,039,872 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012.12.21 11:36:24 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 20:02:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.08 22:29:02 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.13 17:41:13 | 004,539,712 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.27 11:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.29 12:11:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.10 12:02:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () [Disabled | Stopped] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.11 10:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.06.06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.05.21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.14 10:44:10 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.09.14 10:44:10 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.09.14 10:44:05 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.08.17 09:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.06.29 12:11:11 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 12:11:11 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.03 16:40:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.03 16:40:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:51:16 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.02.11 23:51:16 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.11 23:35:39 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 18:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.30 21:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.09 10:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.07.17 18:10:24 | 010,684,672 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV:64bit: - [2007.06.25 10:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic)
DRV:64bit: - [2007.06.25 10:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007.06.25 10:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5)
DRV:64bit: - [2007.06.25 10:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007.06.25 10:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt)
DRV:64bit: - [2007.06.25 10:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007.06.25 10:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus)
DRV:64bit: - [2006.11.01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7CAD3CB1-A391-42DD-B06F-2E433321BEB1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{03FBCDDE-EFF4-43F0-B58E-DD4FA696CBAE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1EAE2B80-E24C-4BE6-B956-68855D0ABB2D}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={1EAE2B80-E24C-4BE6-B956-68855D0ABB2D}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.14 20:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.14 20:02:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.27 10:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Battlefield Heroes = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.196.0_0\
CHR - Extension: Google-Suche = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Battlefield Heroes = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.140.0_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [svñhîst] C:\Users\Sebastian\wgsdgsdgdsgsd.exe (Softspecialists)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.140.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22543460-A7FD-4930-905C-CD25A9BEA382}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EB15B3-E6CB-419A-8AA3-F283E66EB702}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1B21F4-04A4-4483-BB04-CFDE8B4126B4}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.21 15:32:23 | 000,000,040 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{54d1157f-ee8f-11df-98cf-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{54d1157f-ee8f-11df-98cf-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5919ba79-3075-11e0-adb7-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{5919ba79-3075-11e0-adb7-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5919ba8d-3075-11e0-adb7-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{5919ba8d-3075-11e0-adb7-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5919bb6b-3075-11e0-adb7-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{5919bb6b-3075-11e0-adb7-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8a3d4e39-2fcf-11e0-b0ec-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{8a3d4e39-2fcf-11e0-b0ec-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8a3d4e45-2fcf-11e0-b0ec-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{8a3d4e45-2fcf-11e0-b0ec-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{958a197c-cd71-11e0-a207-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{958a197c-cd71-11e0-a207-001e101f4da1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b8c4bdfa-c704-11e0-887e-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{b8c4bdfa-c704-11e0-887e-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b8c4be10-c704-11e0-887e-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{b8c4be10-c704-11e0-887e-00256489b9d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf3be49e-f34a-11df-bc75-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{bf3be49e-f34a-11df-bc75-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3cc9965-0870-11e0-9152-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cc9965-0870-11e0-9152-001e101f4da1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf3515cd-e8ef-11df-ade1-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf3515cd-e8ef-11df-ade1-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf3515d8-e8ef-11df-ade1-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf3515d8-e8ef-11df-ade1-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cf351646-e8ef-11df-ade1-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf351646-e8ef-11df-ade1-00256489b9d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf351694-e8ef-11df-ade1-00256489b9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf351694-e8ef-11df-ade1-00256489b9d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e62502a0-c0eb-11df-91ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e62502a0-c0eb-11df-91ce-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009.07.21 11:28:36 | 000,041,792 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Sebastian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six Vegas.LNK -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: HdRO-Startprogramm - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Launch LCore - hkey= - key= - C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 17:57:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.01.08 13:12:55 | 000,032,768 | RHS- | C] (Softspecialists) -- C:\Users\Sebastian\wgsdgsdgdsgsd.exe
[2012.12.28 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\gothic3
[2012.12.28 16:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWood
[2012.12.28 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWood
[2012.12.27 07:25:21 | 000,000,000 | -HSD | C] -- C:\found.005
[2012.12.21 21:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2012.12.21 21:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2012.12.21 21:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\My ISO Files
[2012.12.14 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 17:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.01.08 17:23:23 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013.01.08 17:22:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 17:22:51 | 2146,684,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.08 16:41:57 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 16:41:57 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 16:34:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.01.08 13:27:38 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.08 13:27:38 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.08 13:27:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.08 13:12:55 | 000,032,768 | RHS- | M] (Softspecialists) -- C:\Users\Sebastian\wgsdgsdgdsgsd.exe
[2013.01.08 13:04:53 | 000,006,847 | ---- | M] () -- C:\Users\Sebastian\Desktop\imgres.jpg
[2013.01.07 23:32:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001UA.job
[2013.01.07 10:52:31 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001Core.job
[2013.01.03 21:41:50 | 001,521,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 21:41:50 | 000,662,464 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.03 21:41:50 | 000,622,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 21:41:50 | 000,133,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.03 21:41:50 | 000,109,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.30 19:15:10 | 000,196,060 | ---- | M] () -- C:\Users\Sebastian\Documents\20121231_191425.jpg
[2012.12.27 07:26:29 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2012.12.21 14:35:38 | 200,049,040 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.21 11:33:13 | 000,343,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.15 19:22:04 | 005,568,080 | ---- | M] () -- C:\Users\Sebastian\ts3_recording_12_12_15_19_21_33.wav
[2012.12.15 18:50:02 | 004,673,023 | ---- | M] () -- C:\Users\Sebastian\Desktop\DCVDNS - Hilfe, Ich Werde Bedroht (Brille - 24.02.2012).mp3
[2012.12.14 21:34:06 | 000,002,515 | ---- | M] () -- C:\Users\Sebastian\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.08 13:04:53 | 000,006,847 | ---- | C] () -- C:\Users\Sebastian\Desktop\imgres.jpg
[2012.12.30 19:14:52 | 000,196,060 | ---- | C] () -- C:\Users\Sebastian\Documents\20121231_191425.jpg
[2012.12.27 07:26:29 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2012.12.21 14:00:08 | 200,049,040 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.15 19:21:34 | 005,568,080 | ---- | C] () -- C:\Users\Sebastian\ts3_recording_12_12_15_19_21_33.wav
[2012.12.15 18:49:49 | 004,673,023 | ---- | C] () -- C:\Users\Sebastian\Desktop\DCVDNS - Hilfe, Ich Werde Bedroht (Brille - 24.02.2012).mp3
[2012.10.07 16:23:47 | 000,006,144 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.31 14:31:44 | 000,001,406 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wklnhst.dat
[2012.03.24 11:57:12 | 000,007,596 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\resmon.resmoncfg
[2012.01.03 16:28:56 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2012.01.03 16:28:56 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.01.01 16:39:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.30 15:14:22 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.06.17 10:39:32 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.15 16:50:57 | 000,000,680 | RHS- | C] () -- C:\Users\Sebastian\ntuser.pol
[2011.06.03 23:33:58 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.04.23 18:22:06 | 000,000,623 | ---- | C] () -- C:\Windows\eReg.dat
[2011.04.07 18:32:56 | 003,478,060 | ---- | C] () -- C:\Users\Sebastian\ts3_recording_11_04_07_19_32_54.wav
[2011.02.18 20:01:50 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2011.02.12 14:51:26 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat
[2011.02.12 14:19:20 | 001,520,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.10 16:53:33 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.24 20:17:23 | 272,208,428 | ---- | C] () -- C:\Users\Sebastian\ts3_recording_11_01_24_20_17_21.wav
[2010.12.21 16:57:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.16 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft
[2012.06.10 11:07:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.Nitrous
[2010.07.18 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Acreon
[2011.09.26 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\astragon Software GmbH
[2012.01.04 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Bioshock
[2011.08.15 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.06.15 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.03.25 20:05:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.09.23 10:43:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft
[2012.09.21 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.14 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FileZilla
[2012.05.12 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Hi-Rez Studios
[2013.01.07 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ICQ
[2011.08.05 19:45:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Kalypso Media
[2012.10.05 13:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Klett
[2010.09.10 07:56:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Leadertech
[2012.09.01 19:03:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Lionhead Studios
[2011.04.16 13:01:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LolClient
[2012.05.24 11:53:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LolClient2
[2012.05.12 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Need for Speed World
[2012.02.11 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera
[2012.12.07 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Origin
[2011.06.06 08:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ProtectDisc
[2011.03.18 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Screaming Bee
[2012.07.27 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\six-updater
[2012.07.27 21:36:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\six-zsync
[2012.05.24 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Smokin' Guns
[2011.02.18 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Teeworlds
[2012.08.31 14:31:46 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Template
[2010.12.21 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\The Games Company
[2012.03.27 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2011.10.14 12:43:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TIPP10
[2012.08.03 21:53:05 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TS3Client
[2012.04.11 12:23:38 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ts3overlay
[2011.06.08 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubisoft
[2012.10.10 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Wargaming.net
[2010.09.10 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\WildTangent
[2011.03.30 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.29 07:58:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.03 22:28:12 | 000,000,000 | ---D | M] -- C:\1033
[2012.12.28 16:35:12 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.07.10 15:02:39 | 000,000,000 | ---D | M] -- C:\Crash
[2010.08.04 16:03:12 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.06 20:01:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.28 23:18:24 | 000,000,000 | ---D | M] -- C:\Download
[2010.07.03 16:21:08 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.03.25 18:23:11 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.07.25 17:58:39 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.06.22 15:41:08 | 000,000,000 | -HSD | M] -- C:\found.002
[2012.10.07 10:32:24 | 000,000,000 | -HSD | M] -- C:\found.003
[2012.11.18 11:04:12 | 000,000,000 | -HSD | M] -- C:\found.004
[2012.12.27 07:25:21 | 000,000,000 | -HSD | M] -- C:\found.005
[2012.01.03 12:13:18 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.07.03 06:41:49 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.03 06:50:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.13 22:05:42 | 000,000,000 | ---D | M] -- C:\Netts
[2011.07.08 18:23:08 | 000,000,000 | ---D | M] -- C:\Nexon
[2012.10.10 18:04:02 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.29 14:51:21 | 000,000,000 | ---D | M] -- C:\PFiles
[2012.12.07 22:45:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.28 16:31:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.10.20 19:51:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.06 20:01:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.06 20:07:02 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.01.07 11:25:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.29 07:57:19 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.08 17:22:51 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.01 16:22:04 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.11 12:07:18 | 000,001,084 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001Core.job
[2012.02.11 12:07:23 | 000,001,136 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.07.03 16:25:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.03 16:25:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.07.03 16:25:02 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.07.03 16:25:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.03 16:25:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.07.03 16:25:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.03 16:25:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.07.03 16:25:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.03 16:25:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.07.03 16:25:02 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.07.03 16:25:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010.07.03 16:25:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R243136\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.03 16:25:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.03 16:25:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.08 18:06:58 | 003,670,016 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat
[2013.01.08 18:06:58 | 000,262,144 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat.LOG1
[2010.07.06 20:01:41 | 000,000,000 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat.LOG2
[2010.07.07 11:48:20 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.07.07 11:48:20 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.07.07 11:48:20 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.01.03 16:29:27 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{03b087ff-0ee2-11e1-89cd-00256489b9d5}.TM.blf
[2013.01.03 16:29:27 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{03b087ff-0ee2-11e1-89cd-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2011.11.14 19:42:32 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{03b087ff-0ee2-11e1-89cd-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2011.01.07 06:29:58 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{234bcc45-1a0a-11e0-8caf-00256489b9d5}.TM.blf
[2011.01.07 06:29:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{234bcc45-1a0a-11e0-8caf-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2011.01.07 06:29:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{234bcc45-1a0a-11e0-8caf-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2010.07.12 14:42:45 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{25f8d762-8db8-11df-ad32-00256489b9d5}.TM.blf
[2010.07.12 14:42:45 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{25f8d762-8db8-11df-ad32-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2010.07.12 14:42:45 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\NTUSER.DAT{25f8d762-8db8-11df-ad32-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2011.01.20 12:08:58 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{75b958cf-2477-11e0-bab9-00256489b9d5}.TM.blf
[2011.01.20 12:08:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{75b958cf-2477-11e0-bab9-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2011.01.20 12:08:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{75b958cf-2477-11e0-bab9-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2011.01.06 17:26:39 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{93cb2479-19ac-11e0-a61f-00256489b9d5}.TM.blf
[2011.01.06 17:26:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{93cb2479-19ac-11e0-a61f-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2011.01.06 17:26:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{93cb2479-19ac-11e0-a61f-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2011.01.06 19:44:46 | 000,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{ca5121a4-19c1-11e0-9c3a-00256489b9d5}.TM.blf
[2011.01.06 19:44:46 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{ca5121a4-19c1-11e0-9c3a-00256489b9d5}.TMContainer00000000000000000001.regtrans-ms
[2011.01.06 19:44:46 | 000,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{ca5121a4-19c1-11e0-9c3a-00256489b9d5}.TMContainer00000000000000000002.regtrans-ms
[2010.07.06 20:01:41 | 000,000,020 | -HS- | M] () -- C:\Users\Sebastian\ntuser.ini
[2011.11.24 19:26:52 | 000,000,680 | RHS- | M] () -- C:\Users\Sebastian\ntuser.pol
[2011.01.24 20:46:21 | 272,208,428 | ---- | M] () -- C:\Users\Sebastian\ts3_recording_11_01_24_20_17_21.wav
[2011.04.07 18:33:22 | 003,478,060 | ---- | M] () -- C:\Users\Sebastian\ts3_recording_11_04_07_19_32_54.wav
[2012.12.15 19:22:04 | 005,568,080 | ---- | M] () -- C:\Users\Sebastian\ts3_recording_12_12_15_19_21_33.wav
[2013.01.08 13:12:55 | 000,032,768 | RHS- | M] (Softspecialists) -- C:\Users\Sebastian\wgsdgsdgdsgsd.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2012.11.05 13:02:32 | 000,000,000 | ---D | M](C:\Users\Sebastian\Desktop\Cornelius Filme ??) -- C:\Users\Sebastian\Desktop\Cornelius Filme ♥♥
[2012.11.05 13:02:06 | 000,000,000 | ---D | C](C:\Users\Sebastian\Desktop\Cornelius Filme ??) -- C:\Users\Sebastian\Desktop\Cornelius Filme ♥♥
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:4FE5B2F8C9D209A2

< End of report >
         
--- --- ---

Alt 09.01.2013, 19:26   #5
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [svñhîst] C:\Users\Sebastian\wgsdgsdgdsgsd.exe (Softspecialists)
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 17:49   #6
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



hier das log nach dem neustart
Zitat:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
C:\Users\Sebastian\wgsdgsdgdsgsd.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Conni

User: Conni.Sebastian-PC
->Flash cache emptied: 57839 bytes

User: conni.Sebastian-PC.000

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: lisi

User: Lisi.Sebastian-PC

User: Public

User: Sebastian
->Flash cache emptied: 16371253 bytes

Total Flash Files Cleaned = 16,00 mb


[EMPTYTEMP]

User: All Users

User: AppData

User: Conni

User: Conni.Sebastian-PC
->Temp folder emptied: 8720692 bytes
->Temporary Internet Files folder emptied: 55148314 bytes
->Opera cache emptied: 1252463 bytes
->Flash cache emptied: 0 bytes

User: conni.Sebastian-PC.000

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lisi

User: Lisi.Sebastian-PC

User: Public

User: Sebastian
->Temp folder emptied: 198603599 bytes
->Temporary Internet Files folder emptied: 49225288 bytes
->Java cache emptied: 39222085 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69752904 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01092013_174216

Files\Folders moved on Reboot...
C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
upload hat geklappt

Alt 10.01.2013, 18:09   #7
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



Danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 18:21   #8
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



hier der scan
Zitat:
18:17:26.0041 2880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:17:28.0054 2880 ============================================================
18:17:28.0054 2880 Current date / time: 2013/01/09 18:17:28.0054
18:17:28.0054 2880 SystemInfo:
18:17:28.0054 2880
18:17:28.0054 2880 OS Version: 6.1.7601 ServicePack: 1.0
18:17:28.0054 2880 Product type: Workstation
18:17:28.0054 2880 ComputerName: SEBASTIAN-PC
18:17:28.0054 2880 UserName: Sebastian
18:17:28.0054 2880 Windows directory: C:\Windows
18:17:28.0054 2880 System windows directory: C:\Windows
18:17:28.0054 2880 Running under WOW64
18:17:28.0054 2880 Processor architecture: Intel x64
18:17:28.0054 2880 Number of processors: 4
18:17:28.0054 2880 Page size: 0x1000
18:17:28.0054 2880 Boot type: Normal boot
18:17:28.0054 2880 ============================================================
18:17:29.0364 2880 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:17:29.0364 2880 Drive \Device\Harddisk1\DR1 - Size: 0x1CD940000 (7.21 Gb), SectorSize: 0x200, Cylinders: 0x3AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:17:29.0380 2880 ============================================================
18:17:29.0380 2880 \Device\Harddisk0\DR0:
18:17:29.0380 2880 MBR partitions:
18:17:29.0380 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x15F5000
18:17:29.0380 2880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x161C800, BlocksNum 0x730E9800
18:17:29.0380 2880 \Device\Harddisk1\DR1:
18:17:29.0380 2880 MBR partitions:
18:17:29.0380 2880 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xE6AA80
18:17:29.0380 2880 ============================================================
18:17:29.0536 2880 C: <-> \Device\Harddisk0\DR0\Partition2
18:17:29.0536 2880 ============================================================
18:17:29.0536 2880 Initialize success
18:17:29.0536 2880 ============================================================
18:18:03.0107 3412 ============================================================
18:18:03.0107 3412 Scan started
18:18:03.0107 3412 Mode: Manual; SigCheck; TDLFS;
18:18:03.0107 3412 ============================================================
18:18:03.0825 3412 ================ Scan system memory ========================
18:18:03.0825 3412 System memory - ok
18:18:03.0825 3412 ================ Scan services =============================
18:18:04.0995 3412 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:18:05.0057 3412 1394ohci - ok
18:18:05.0213 3412 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:18:05.0244 3412 ACPI - ok
18:18:05.0307 3412 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:18:05.0322 3412 AcpiPmi - ok
18:18:05.0572 3412 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:18:05.0587 3412 adp94xx - ok
18:18:05.0853 3412 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:18:05.0868 3412 adpahci - ok
18:18:06.0102 3412 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:18:06.0118 3412 adpu320 - ok
18:18:06.0180 3412 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:18:06.0227 3412 AeLookupSvc - ok
18:18:06.0492 3412 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:18:06.0508 3412 AFD - ok
18:18:06.0648 3412 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:18:06.0664 3412 agp440 - ok
18:18:07.0912 3412 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
18:18:07.0912 3412 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
18:18:07.0912 3412 Akamai ( HiddenFile.Multi.Generic ) - warning
18:18:07.0912 3412 Akamai - detected HiddenFile.Multi.Generic (1)
18:18:08.0068 3412 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:18:08.0083 3412 ALG - ok
18:18:08.0271 3412 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:18:08.0286 3412 aliide - ok
18:18:08.0395 3412 [ 11276158EEEEADF3EB154061BFC80A19 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:18:08.0411 3412 AMD External Events Utility - ok
18:18:08.0536 3412 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:18:08.0551 3412 amdide - ok
18:18:08.0723 3412 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:18:08.0739 3412 AmdK8 - ok
18:18:10.0439 3412 [ DF943A113060D3ABFDA4730AE4163D6F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:18:10.0533 3412 amdkmdag - ok
18:18:11.0032 3412 [ 4003B34B4A83DE29CD1C88EB6C869E58 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:18:11.0047 3412 amdkmdap - ok
18:18:11.0094 3412 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:18:11.0110 3412 AmdPPM - ok
18:18:11.0250 3412 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:18:11.0266 3412 amdsata - ok
18:18:11.0406 3412 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:18:11.0422 3412 amdsbs - ok
18:18:11.0515 3412 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:18:11.0531 3412 amdxata - ok
18:18:12.0077 3412 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:18:12.0077 3412 AntiVirSchedulerService - ok
18:18:12.0295 3412 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:18:12.0311 3412 AntiVirService - ok
18:18:12.0795 3412 [ 53EA061ECC67223A430F153C3682AD54 ] Apache2.2 c:\xampp\apache\bin\httpd.exe
18:18:12.0795 3412 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
18:18:12.0795 3412 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
18:18:13.0029 3412 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:18:13.0075 3412 AppID - ok
18:18:13.0138 3412 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:18:13.0169 3412 AppIDSvc - ok
18:18:13.0325 3412 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:18:13.0356 3412 Appinfo - ok
18:18:13.0731 3412 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:18:13.0746 3412 AppMgmt - ok
18:18:13.0902 3412 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:18:13.0918 3412 arc - ok
18:18:14.0027 3412 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:18:14.0043 3412 arcsas - ok
18:18:14.0199 3412 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:18:14.0245 3412 AsyncMac - ok
18:18:14.0495 3412 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:18:14.0511 3412 atapi - ok
18:18:14.0729 3412 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
18:18:14.0745 3412 AtiHdmiService - ok
18:18:15.0610 3412 [ DF943A113060D3ABFDA4730AE4163D6F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:18:15.0701 3412 atikmdag - ok
18:18:16.0103 3412 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
18:18:16.0120 3412 atksgt - ok
18:18:16.0274 3412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:18:16.0321 3412 AudioEndpointBuilder - ok
18:18:16.0477 3412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:18:16.0524 3412 AudioSrv - ok
18:18:16.0602 3412 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:18:16.0617 3412 avgntflt - ok
18:18:16.0758 3412 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:18:16.0773 3412 avipbb - ok
18:18:17.0023 3412 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:18:17.0038 3412 AxInstSV - ok
18:18:17.0288 3412 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:18:17.0304 3412 b06bdrv - ok
18:18:17.0538 3412 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:18:17.0553 3412 b57nd60a - ok
18:18:17.0662 3412 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:18:17.0678 3412 BDESVC - ok
18:18:17.0803 3412 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:18:17.0834 3412 Beep - ok
18:18:18.0224 3412 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:18:18.0630 3412 BFE - ok
18:18:18.0895 3412 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:18:18.0942 3412 BITS - ok
18:18:19.0020 3412 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:18:19.0035 3412 blbdrive - ok
18:18:19.0269 3412 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:18:19.0269 3412 bowser - ok
18:18:19.0378 3412 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:18:19.0378 3412 BrFiltLo - ok
18:18:19.0488 3412 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:18:19.0503 3412 BrFiltUp - ok
18:18:19.0550 3412 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:18:19.0566 3412 Browser - ok
18:18:19.0644 3412 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:18:19.0659 3412 Brserid - ok
18:18:19.0737 3412 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:18:19.0753 3412 BrSerWdm - ok
18:18:19.0784 3412 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:18:19.0800 3412 BrUsbMdm - ok
18:18:19.0956 3412 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:18:19.0971 3412 BrUsbSer - ok
18:18:20.0190 3412 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:18:20.0205 3412 BTHMODEM - ok
18:18:20.0332 3412 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:18:20.0364 3412 bthserv - ok
18:18:20.0515 3412 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:18:20.0551 3412 cdfs - ok
18:18:20.0858 3412 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:18:20.0872 3412 cdrom - ok
18:18:21.0052 3412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:18:21.0092 3412 CertPropSvc - ok
18:18:21.0182 3412 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:18:21.0197 3412 circlass - ok
18:18:21.0340 3412 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:18:21.0359 3412 CLFS - ok
18:18:21.0851 3412 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:18:21.0863 3412 clr_optimization_v2.0.50727_32 - ok
18:18:22.0138 3412 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:18:22.0150 3412 clr_optimization_v2.0.50727_64 - ok
18:18:22.0742 3412 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:18:22.0755 3412 clr_optimization_v4.0.30319_32 - ok
18:18:23.0524 3412 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:18:23.0539 3412 clr_optimization_v4.0.30319_64 - ok
18:18:23.0649 3412 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:18:23.0664 3412 CmBatt - ok
18:18:23.0742 3412 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:18:23.0742 3412 cmdide - ok
18:18:23.0914 3412 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:18:23.0945 3412 CNG - ok
18:18:24.0007 3412 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:18:24.0023 3412 Compbatt - ok
18:18:24.0132 3412 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:18:24.0163 3412 CompositeBus - ok
18:18:24.0210 3412 COMSysApp - ok
18:18:24.0304 3412 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:18:24.0319 3412 crcdisk - ok
18:18:24.0491 3412 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:18:24.0507 3412 CryptSvc - ok
18:18:24.0585 3412 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:18:24.0616 3412 CSC - ok
18:18:24.0865 3412 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:18:24.0881 3412 CscService - ok
18:18:25.0318 3412 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
18:18:25.0318 3412 DAUpdaterSvc - ok
18:18:25.0505 3412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:18:25.0552 3412 DcomLaunch - ok
18:18:25.0692 3412 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:18:25.0739 3412 defragsvc - ok
18:18:25.0879 3412 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:18:25.0911 3412 DfsC - ok
18:18:26.0082 3412 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:18:26.0098 3412 Dhcp - ok
18:18:26.0176 3412 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:18:26.0207 3412 discache - ok
18:18:26.0425 3412 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:18:26.0441 3412 Disk - ok
18:18:26.0593 3412 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:18:26.0603 3412 Dnscache - ok
18:18:26.0853 3412 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
18:18:26.0853 3412 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
18:18:26.0853 3412 DockLoginService - detected UnsignedFile.Multi.Generic (1)
18:18:27.0043 3412 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:18:27.0073 3412 dot3svc - ok
18:18:27.0153 3412 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:18:27.0193 3412 DPS - ok
18:18:27.0316 3412 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:18:27.0331 3412 drmkaud - ok
18:18:27.0597 3412 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:18:27.0628 3412 DXGKrnl - ok
18:18:27.0893 3412 EagleX64 - ok
18:18:27.0971 3412 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:18:28.0018 3412 EapHost - ok
18:18:28.0564 3412 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:18:28.0611 3412 ebdrv - ok
18:18:28.0657 3412 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:18:28.0673 3412 EFS - ok
18:18:28.0938 3412 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:18:28.0954 3412 ehRecvr - ok
18:18:29.0001 3412 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:18:29.0016 3412 ehSched - ok
18:18:29.0172 3412 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:18:29.0203 3412 elxstor - ok
18:18:29.0235 3412 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:18:29.0250 3412 ErrDev - ok
18:18:29.0406 3412 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:18:29.0437 3412 EventSystem - ok
18:18:29.0687 3412 [ 8ADACFFAD67394C711698EA074CE3BAB ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
18:18:29.0703 3412 ewusbnet - ok
18:18:29.0749 3412 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:18:29.0796 3412 exfat - ok
18:18:29.0843 3412 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:18:29.0874 3412 fastfat - ok
18:18:30.0139 3412 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:18:30.0155 3412 Fax - ok
18:18:30.0171 3412 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:18:30.0186 3412 fdc - ok
18:18:30.0264 3412 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:18:30.0311 3412 fdPHost - ok
18:18:30.0327 3412 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:18:30.0358 3412 FDResPub - ok
18:18:30.0420 3412 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:18:30.0436 3412 FileInfo - ok
18:18:30.0451 3412 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:18:30.0483 3412 Filetrace - ok
18:18:30.0561 3412 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:18:30.0576 3412 flpydisk - ok
18:18:30.0748 3412 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:18:30.0763 3412 FltMgr - ok
18:18:31.0013 3412 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:18:31.0044 3412 FontCache - ok
18:18:31.0138 3412 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:18:31.0153 3412 FontCache3.0.0.0 - ok
18:18:31.0200 3412 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:18:31.0216 3412 FsDepends - ok
18:18:31.0247 3412 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:18:31.0263 3412 Fs_Rec - ok
18:18:31.0434 3412 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:18:31.0450 3412 fvevol - ok
18:18:31.0590 3412 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:18:31.0606 3412 gagp30kx - ok
18:18:31.0996 3412 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
18:18:31.0996 3412 GameConsoleService - ok
18:18:32.0136 3412 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:18:32.0214 3412 gpsvc - ok
18:18:32.0370 3412 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:18:32.0386 3412 hamachi - ok
18:18:33.0088 3412 [ 21D24138B736983F6E23823E092E9428 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:18:33.0135 3412 Hamachi2Svc - ok
18:18:33.0275 3412 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:18:33.0291 3412 hcw85cir - ok
18:18:33.0384 3412 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:18:33.0400 3412 HdAudAddService - ok
18:18:33.0525 3412 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:18:33.0540 3412 HDAudBus - ok
18:18:33.0587 3412 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:18:33.0603 3412 HidBatt - ok
18:18:33.0649 3412 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:18:33.0681 3412 HidBth - ok
18:18:33.0727 3412 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:18:33.0743 3412 HidIr - ok
18:18:33.0774 3412 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:18:33.0821 3412 hidserv - ok
18:18:33.0946 3412 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:18:33.0961 3412 HidUsb - ok
18:18:34.0055 3412 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:18:34.0102 3412 hkmsvc - ok
18:18:34.0164 3412 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:18:34.0180 3412 HomeGroupListener - ok
18:18:34.0242 3412 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:18:34.0258 3412 HomeGroupProvider - ok
18:18:34.0320 3412 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:18:34.0336 3412 HpSAMD - ok
18:18:34.0539 3412 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:18:34.0585 3412 HTTP - ok
18:18:34.0757 3412 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:18:34.0773 3412 hwdatacard - ok
18:18:34.0819 3412 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:18:34.0835 3412 hwpolicy - ok
18:18:34.0897 3412 [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
18:18:34.0913 3412 hwusbdev - ok
18:18:35.0085 3412 [ 4B7423FCC37664954460AC3E71752B62 ] hxctlflt C:\Windows\system32\DRIVERS\hxctlflt.sys
18:18:35.0085 3412 hxctlflt - ok
18:18:35.0194 3412 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:18:35.0209 3412 i8042prt - ok
18:18:35.0631 3412 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:18:35.0646 3412 IAANTMON - ok
18:18:35.0771 3412 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:18:35.0787 3412 iaStor - ok
18:18:35.0943 3412 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:18:35.0974 3412 iaStorV - ok
18:18:36.0489 3412 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:18:36.0489 3412 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:18:36.0489 3412 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:18:36.0754 3412 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:18:36.0769 3412 idsvc - ok
18:18:36.0863 3412 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:18:36.0879 3412 iirsp - ok
18:18:37.0269 3412 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:18:37.0315 3412 IKEEXT - ok
18:18:37.0815 3412 [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:18:37.0846 3412 IntcAzAudAddService - ok
18:18:37.0877 3412 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:18:37.0893 3412 intelide - ok
18:18:38.0017 3412 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:18:38.0033 3412 intelppm - ok
18:18:38.0064 3412 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:18:38.0111 3412 IPBusEnum - ok
18:18:38.0158 3412 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:38.0189 3412 IpFilterDriver - ok
18:18:38.0345 3412 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:18:38.0376 3412 iphlpsvc - ok
18:18:38.0407 3412 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:18:38.0423 3412 IPMIDRV - ok
18:18:38.0485 3412 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:18:38.0548 3412 IPNAT - ok
18:18:38.0704 3412 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:18:38.0719 3412 IRENUM - ok
18:18:38.0751 3412 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:18:38.0766 3412 isapnp - ok
18:18:38.0922 3412 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:18:38.0938 3412 iScsiPrt - ok
18:18:39.0156 3412 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:18:39.0187 3412 kbdclass - ok
18:18:39.0281 3412 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:18:39.0297 3412 kbdhid - ok
18:18:39.0328 3412 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:18:39.0343 3412 KeyIso - ok
18:18:39.0375 3412 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:18:39.0390 3412 KSecDD - ok
18:18:39.0484 3412 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:18:39.0546 3412 KSecPkg - ok
18:18:39.0702 3412 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:18:39.0733 3412 ksthunk - ok
18:18:39.0827 3412 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:18:39.0905 3412 KtmRm - ok
18:18:40.0077 3412 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:18:40.0108 3412 LanmanServer - ok
18:18:40.0295 3412 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:18:40.0342 3412 LanmanWorkstation - ok
18:18:40.0467 3412 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
18:18:40.0513 3412 LGBusEnum - ok
18:18:40.0638 3412 [ 158D22B9EA55C5D7449ADD199015715E ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
18:18:40.0669 3412 LGSHidFilt - ok
18:18:40.0841 3412 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
18:18:40.0857 3412 LGVirHid - ok
18:18:41.0169 3412 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
18:18:41.0184 3412 lirsgt - ok
18:18:41.0325 3412 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:18:41.0371 3412 lltdio - ok
18:18:41.0527 3412 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:18:41.0574 3412 lltdsvc - ok
18:18:41.0605 3412 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:18:41.0637 3412 lmhosts - ok
18:18:41.0824 3412 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:18:41.0839 3412 LSI_FC - ok
18:18:42.0058 3412 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:18:42.0073 3412 LSI_SAS - ok
18:18:42.0229 3412 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:18:42.0245 3412 LSI_SAS2 - ok
18:18:42.0370 3412 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:18:42.0385 3412 LSI_SCSI - ok
18:18:42.0526 3412 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:18:42.0573 3412 luafv - ok
18:18:42.0682 3412 lxdn_device - ok
18:18:42.0760 3412 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:18:42.0775 3412 Mcx2Svc - ok
18:18:42.0853 3412 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:18:42.0869 3412 megasas - ok
18:18:43.0041 3412 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:18:43.0056 3412 MegaSR - ok
18:18:43.0462 3412 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:18:43.0493 3412 MMCSS - ok
18:18:43.0587 3412 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:18:43.0618 3412 Modem - ok
18:18:43.0805 3412 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:18:43.0821 3412 monitor - ok
18:18:43.0930 3412 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:18:43.0945 3412 mouclass - ok
18:18:44.0101 3412 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:18:44.0117 3412 mouhid - ok
18:18:44.0164 3412 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:18:44.0179 3412 mountmgr - ok
18:18:44.0585 3412 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:18:44.0601 3412 MozillaMaintenance - ok
18:18:44.0757 3412 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:18:44.0772 3412 mpio - ok
18:18:44.0819 3412 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:18:44.0850 3412 mpsdrv - ok
18:18:45.0303 3412 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:18:45.0349 3412 MpsSvc - ok
18:18:45.0521 3412 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:18:45.0537 3412 MRxDAV - ok
18:18:45.0630 3412 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:18:45.0646 3412 mrxsmb - ok
18:18:45.0880 3412 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:18:45.0895 3412 mrxsmb10 - ok
18:18:45.0973 3412 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:18:45.0989 3412 mrxsmb20 - ok
18:18:46.0051 3412 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:18:46.0067 3412 msahci - ok
18:18:46.0207 3412 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:18:46.0223 3412 msdsm - ok
18:18:46.0348 3412 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:18:46.0363 3412 MSDTC - ok
18:18:46.0473 3412 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:18:46.0504 3412 Msfs - ok
18:18:46.0566 3412 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:18:46.0597 3412 mshidkmdf - ok
18:18:46.0660 3412 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:18:46.0675 3412 msisadrv - ok
18:18:46.0863 3412 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:18:46.0894 3412 MSiSCSI - ok
18:18:46.0894 3412 msiserver - ok
18:18:47.0409 3412 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:18:47.0440 3412 MSKSSRV - ok
18:18:47.0611 3412 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:18:47.0643 3412 MSPCLOCK - ok
18:18:47.0799 3412 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:18:47.0845 3412 MSPQM - ok
18:18:47.0892 3412 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:18:47.0908 3412 MsRPC - ok
18:18:47.0986 3412 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:18:48.0001 3412 mssmbios - ok
18:18:48.0173 3412 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:18:48.0204 3412 MSTEE - ok
18:18:48.0251 3412 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:18:48.0251 3412 MTConfig - ok
18:18:48.0360 3412 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:18:48.0376 3412 Mup - ok
18:18:48.0781 3412 mysql - ok
18:18:49.0015 3412 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:18:49.0047 3412 napagent - ok
18:18:49.0187 3412 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:18:49.0218 3412 NativeWifiP - ok
18:18:49.0530 3412 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:18:49.0546 3412 NDIS - ok
18:18:49.0686 3412 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:18:49.0749 3412 NdisCap - ok
18:18:49.0842 3412 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:18:49.0873 3412 NdisTapi - ok
18:18:49.0998 3412 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:18:50.0029 3412 Ndisuio - ok
18:18:50.0107 3412 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:18:50.0154 3412 NdisWan - ok
18:18:50.0185 3412 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:18:50.0217 3412 NDProxy - ok
18:18:50.0341 3412 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:18:50.0373 3412 NetBIOS - ok
18:18:50.0466 3412 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:18:50.0497 3412 NetBT - ok
18:18:50.0513 3412 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:18:50.0529 3412 Netlogon - ok
18:18:50.0794 3412 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:18:50.0825 3412 Netman - ok
18:18:51.0355 3412 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:18:51.0371 3412 NetMsmqActivator - ok
18:18:51.0511 3412 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:18:51.0527 3412 NetPipeActivator - ok
18:18:51.0839 3412 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:18:51.0886 3412 netprofm - ok
18:18:51.0964 3412 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:18:51.0979 3412 NetTcpActivator - ok
18:18:51.0979 3412 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:18:51.0995 3412 NetTcpPortSharing - ok
18:18:52.0135 3412 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:18:52.0151 3412 nfrd960 - ok
18:18:52.0291 3412 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:18:52.0306 3412 NlaSvc - ok
18:18:52.0439 3412 [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
18:18:52.0465 3412 nmwcdnsux64 - ok
18:18:52.0526 3412 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:18:52.0560 3412 Npfs - ok
18:18:52.0602 3412 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:18:52.0637 3412 nsi - ok
18:18:52.0653 3412 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:18:52.0688 3412 nsiproxy - ok
18:18:53.0072 3412 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:18:53.0106 3412 Ntfs - ok
18:18:53.0176 3412 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:18:53.0209 3412 Null - ok
18:18:53.0275 3412 NVHDA - ok
18:18:53.0378 3412 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:18:53.0392 3412 nvraid - ok
18:18:53.0463 3412 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:18:53.0476 3412 nvstor - ok
18:18:53.0531 3412 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:18:53.0544 3412 nv_agp - ok
18:18:54.0068 3412 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:18:54.0083 3412 odserv - ok
18:18:54.0193 3412 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:18:54.0208 3412 ohci1394 - ok
18:18:54.0364 3412 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:54.0380 3412 ose - ok
18:18:54.0489 3412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:18:54.0505 3412 p2pimsvc - ok
18:18:54.0661 3412 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:18:54.0676 3412 p2psvc - ok
18:18:54.0785 3412 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:18:54.0801 3412 Parport - ok
18:18:54.0895 3412 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:18:54.0910 3412 partmgr - ok
18:18:54.0988 3412 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:18:55.0019 3412 PcaSvc - ok
18:18:55.0097 3412 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:18:55.0113 3412 pci - ok
18:18:55.0160 3412 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:18:55.0175 3412 pciide - ok
18:18:55.0253 3412 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:18:55.0269 3412 pcmcia - ok
18:18:55.0331 3412 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:18:55.0331 3412 pcw - ok
18:18:55.0441 3412 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:18:55.0487 3412 PEAUTH - ok
18:18:56.0049 3412 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:18:56.0080 3412 PeerDistSvc - ok
18:18:58.0406 3412 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:18:58.0420 3412 PerfHost - ok
18:18:58.0781 3412 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:18:58.0827 3412 pla - ok
18:18:59.0091 3412 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:18:59.0110 3412 PlugPlay - ok
18:18:59.0312 3412 PnkBstrA - ok
18:18:59.0415 3412 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:18:59.0430 3412 PNRPAutoReg - ok
18:18:59.0520 3412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:18:59.0538 3412 PNRPsvc - ok
18:18:59.0664 3412 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:18:59.0703 3412 PolicyAgent - ok
18:18:59.0769 3412 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:18:59.0804 3412 Power - ok
18:18:59.0973 3412 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:19:00.0010 3412 PptpMiniport - ok
18:19:00.0045 3412 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:19:00.0059 3412 Processor - ok
18:19:00.0173 3412 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:19:00.0189 3412 ProfSvc - ok
18:19:00.0233 3412 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:19:00.0248 3412 ProtectedStorage - ok
18:19:00.0376 3412 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:19:00.0413 3412 Psched - ok
18:19:00.0813 3412 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:19:00.0846 3412 ql2300 - ok
18:19:00.0896 3412 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:19:00.0911 3412 ql40xx - ok
18:19:01.0043 3412 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:19:01.0066 3412 QWAVE - ok
18:19:01.0144 3412 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:19:01.0162 3412 QWAVEdrv - ok
18:19:01.0211 3412 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:19:01.0248 3412 RasAcd - ok
18:19:01.0358 3412 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:01.0397 3412 RasAgileVpn - ok
18:19:01.0458 3412 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:19:01.0492 3412 RasAuto - ok
18:19:01.0574 3412 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:01.0612 3412 Rasl2tp - ok
18:19:01.0984 3412 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:19:02.0025 3412 RasMan - ok
18:19:02.0148 3412 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:02.0185 3412 RasPppoe - ok
18:19:02.0309 3412 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:19:02.0346 3412 RasSstp - ok
18:19:02.0462 3412 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:19:02.0499 3412 rdbss - ok
18:19:02.0566 3412 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:02.0583 3412 rdpbus - ok
18:19:02.0636 3412 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:02.0671 3412 RDPCDD - ok
18:19:02.0758 3412 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:19:02.0773 3412 RDPDR - ok
18:19:03.0024 3412 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:19:03.0060 3412 RDPENCDD - ok
18:19:03.0130 3412 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:19:03.0168 3412 RDPREFMP - ok
18:19:03.0277 3412 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:19:03.0292 3412 RDPWD - ok
18:19:03.0482 3412 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:19:03.0499 3412 rdyboost - ok
18:19:03.0562 3412 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:19:03.0599 3412 RemoteAccess - ok
18:19:03.0737 3412 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:19:03.0776 3412 RemoteRegistry - ok
18:19:03.0964 3412 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:19:04.0004 3412 RpcEptMapper - ok
18:19:04.0064 3412 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:19:04.0079 3412 RpcLocator - ok
18:19:04.0225 3412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:19:04.0265 3412 RpcSs - ok
18:19:04.0377 3412 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:19:04.0409 3412 rspndr - ok
18:19:04.0751 3412 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:19:04.0771 3412 RTL8167 - ok
18:19:05.0446 3412 [ 6C90231046FB9FC4123C42179832817F ] s117bus C:\Windows\system32\DRIVERS\s117bus.sys
18:19:05.0458 3412 s117bus - ok
18:19:05.0580 3412 [ 3279341C90EF8F226AF77623039F4495 ] s117mdfl C:\Windows\system32\DRIVERS\s117mdfl.sys
18:19:05.0590 3412 s117mdfl - ok
18:19:05.0694 3412 [ 73E331F555279E753B312675DDAF4516 ] s117mdm C:\Windows\system32\DRIVERS\s117mdm.sys
18:19:05.0702 3412 s117mdm - ok
18:19:05.0922 3412 [ D420731FD2880F0F40F20771EFAAD671 ] s117mgmt C:\Windows\system32\DRIVERS\s117mgmt.sys
18:19:05.0934 3412 s117mgmt - ok
18:19:06.0367 3412 [ 98236CA5A9A77D0983AC3F6D6527C796 ] s117nd5 C:\Windows\system32\DRIVERS\s117nd5.sys
18:19:06.0377 3412 s117nd5 - ok
18:19:06.0574 3412 [ 1DD613909477AE298C98E86617EC356B ] s117obex C:\Windows\system32\DRIVERS\s117obex.sys
18:19:06.0586 3412 s117obex - ok
18:19:06.0690 3412 [ 9A22DF5FE9B6BE279D820776A6ADB56F ] s117unic C:\Windows\system32\DRIVERS\s117unic.sys
18:19:06.0702 3412 s117unic - ok
18:19:06.0763 3412 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:19:06.0778 3412 s3cap - ok
18:19:06.0834 3412 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:19:06.0848 3412 SamSs - ok
18:19:06.0903 3412 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:19:06.0918 3412 sbp2port - ok
18:19:07.0062 3412 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:19:07.0098 3412 SCardSvr - ok
18:19:07.0159 3412 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:19:07.0196 3412 scfilter - ok
18:19:07.0563 3412 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:19:07.0607 3412 Schedule - ok
18:19:07.0668 3412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:19:07.0704 3412 SCPolicySvc - ok
18:19:07.0888 3412 [ 8B56BDCE6A303DDE63D63440D1CF9AD1 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:19:07.0888 3412 ScreamBAudioSvc - ok
18:19:07.0985 3412 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:19:08.0001 3412 SDRSVC - ok
18:19:08.0112 3412 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:19:08.0150 3412 secdrv - ok
18:19:08.0193 3412 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:19:08.0227 3412 seclogon - ok
18:19:08.0441 3412 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
18:19:08.0454 3412 seehcri - ok
18:19:08.0514 3412 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:19:08.0547 3412 SENS - ok
18:19:08.0599 3412 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:19:08.0612 3412 SensrSvc - ok
18:19:08.0636 3412 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:19:08.0648 3412 Serenum - ok
18:19:08.0697 3412 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:19:08.0709 3412 Serial - ok
18:19:08.0772 3412 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:19:08.0784 3412 sermouse - ok
18:19:08.0840 3412 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:19:08.0873 3412 SessionEnv - ok
18:19:08.0931 3412 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:19:08.0945 3412 sffdisk - ok
18:19:08.0969 3412 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:19:08.0983 3412 sffp_mmc - ok
18:19:09.0014 3412 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:19:09.0029 3412 sffp_sd - ok
18:19:09.0085 3412 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:19:09.0096 3412 sfloppy - ok
18:19:09.0533 3412 [ BEB504962E36D6F368EBFC702A659E09 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:19:09.0550 3412 SftService - ok
18:19:09.0781 3412 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:19:09.0819 3412 SharedAccess - ok
18:19:09.0928 3412 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:19:09.0965 3412 ShellHWDetection - ok
18:19:10.0242 3412 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:19:10.0256 3412 SiSRaid2 - ok
18:19:10.0334 3412 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:19:10.0348 3412 SiSRaid4 - ok
18:19:10.0795 3412 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:19:10.0807 3412 SkypeUpdate - ok
18:19:10.0976 3412 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:19:11.0012 3412 Smb - ok
18:19:11.0229 3412 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:19:11.0245 3412 SNMPTRAP - ok
18:19:14.0640 3412 [ 56B69DE178E12F4C2A25AC18E1D0BFB0 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
18:19:14.0750 3412 SNPSTD3 - ok
18:19:14.0835 3412 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:19:14.0849 3412 spldr - ok
18:19:15.0047 3412 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:19:15.0068 3412 Spooler - ok
18:19:15.0581 3412 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:19:15.0645 3412 sppsvc - ok
18:19:15.0787 3412 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:19:15.0827 3412 sppuinotify - ok
18:19:16.0250 3412 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
18:19:16.0263 3412 sprtsvc_DellSupportCenter - ok
18:19:16.0406 3412 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:19:16.0424 3412 srv - ok
18:19:16.0558 3412 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:19:16.0575 3412 srv2 - ok
18:19:16.0634 3412 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:19:16.0649 3412 srvnet - ok
18:19:16.0880 3412 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:19:16.0919 3412 SSDPSRV - ok
18:19:16.0981 3412 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:19:17.0018 3412 SstpSvc - ok
18:19:17.0379 3412 Steam Client Service - ok
18:19:17.0437 3412 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:19:17.0451 3412 stexstor - ok
18:19:18.0087 3412 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:19:18.0113 3412 stisvc - ok
18:19:18.0509 3412 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:19:18.0523 3412 storflt - ok
18:19:18.0590 3412 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:19:18.0606 3412 StorSvc - ok
18:19:18.0682 3412 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:19:18.0695 3412 storvsc - ok
18:19:18.0757 3412 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:19:18.0770 3412 swenum - ok
18:19:18.0825 3412 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:19:18.0868 3412 swprv - ok
18:19:19.0107 3412 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:19:19.0143 3412 SysMain - ok
18:19:19.0190 3412 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:19:19.0211 3412 TabletInputService - ok
18:19:19.0388 3412 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:19:19.0429 3412 TapiSrv - ok
18:19:19.0516 3412 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:19:19.0555 3412 TBS - ok
18:19:20.0315 3412 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:19:20.0352 3412 Tcpip - ok
18:19:21.0156 3412 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:19:21.0193 3412 TCPIP6 - ok
18:19:21.0274 3412 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:19:21.0286 3412 tcpipreg - ok
18:19:21.0339 3412 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:19:21.0351 3412 TDPIPE - ok
18:19:21.0404 3412 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:19:21.0416 3412 TDTCP - ok
18:19:21.0589 3412 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:19:21.0625 3412 tdx - ok
18:19:22.0028 3412 TEAM - ok
18:19:22.0095 3412 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:19:22.0109 3412 TermDD - ok
18:19:22.0254 3412 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:19:22.0295 3412 TermService - ok
18:19:22.0371 3412 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:19:22.0391 3412 Themes - ok
18:19:22.0441 3412 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:19:22.0476 3412 THREADORDER - ok
18:19:22.0585 3412 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:19:22.0622 3412 TrkWks - ok
18:19:22.0745 3412 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:19:22.0783 3412 TrustedInstaller - ok
18:19:22.0848 3412 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:22.0884 3412 tssecsrv - ok
18:19:23.0562 3412 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:19:23.0576 3412 TsUsbFlt - ok
18:19:23.0772 3412 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:19:23.0809 3412 tunnel - ok
18:19:23.0881 3412 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:19:23.0895 3412 uagp35 - ok
18:19:24.0042 3412 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:19:24.0081 3412 udfs - ok
18:19:24.0156 3412 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:19:24.0173 3412 UI0Detect - ok
18:19:24.0253 3412 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:19:24.0267 3412 uliagpkx - ok
18:19:24.0583 3412 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:19:24.0597 3412 umbus - ok
18:19:24.0647 3412 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:19:24.0662 3412 UmPass - ok
18:19:24.0775 3412 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:19:24.0792 3412 UmRdpService - ok
18:19:24.0898 3412 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:19:24.0937 3412 upnphost - ok
18:19:25.0036 3412 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:19:25.0054 3412 usbaudio - ok
18:19:25.0097 3412 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:25.0112 3412 usbccgp - ok
18:19:25.0188 3412 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:19:25.0205 3412 usbcir - ok
18:19:25.0245 3412 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:19:25.0256 3412 usbehci - ok
18:19:25.0535 3412 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:19:25.0550 3412 usbhub - ok
18:19:25.0607 3412 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:19:25.0621 3412 usbohci - ok
18:19:25.0750 3412 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:19:25.0763 3412 usbprint - ok
18:19:25.0819 3412 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:19:25.0835 3412 usbscan - ok
18:19:25.0892 3412 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:25.0907 3412 USBSTOR - ok
18:19:25.0936 3412 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:25.0949 3412 usbuhci - ok
18:19:26.0011 3412 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:19:26.0047 3412 UxSms - ok
18:19:26.0084 3412 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:19:26.0096 3412 VaultSvc - ok
18:19:26.0199 3412 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:19:26.0213 3412 vdrvroot - ok
18:19:26.0350 3412 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:19:26.0393 3412 vds - ok
18:19:26.0655 3412 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:26.0673 3412 vga - ok
18:19:26.0780 3412 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:19:26.0817 3412 VgaSave - ok
18:19:26.0880 3412 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:19:26.0897 3412 vhdmp - ok
18:19:26.0973 3412 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:19:26.0986 3412 viaide - ok
18:19:27.0102 3412 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:19:27.0118 3412 vmbus - ok
18:19:27.0199 3412 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:19:27.0213 3412 VMBusHID - ok
18:19:27.0268 3412 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:19:27.0282 3412 volmgr - ok
18:19:27.0372 3412 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:19:27.0387 3412 volmgrx - ok
18:19:27.0458 3412 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:19:27.0475 3412 volsnap - ok
18:19:27.0671 3412 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:19:27.0687 3412 vsmraid - ok
18:19:28.0182 3412 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:19:28.0234 3412 VSS - ok
18:19:28.0284 3412 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:19:28.0301 3412 vwifibus - ok
18:19:28.0484 3412 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:19:28.0526 3412 W32Time - ok
18:19:28.0589 3412 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:19:28.0603 3412 WacomPen - ok
18:19:28.0782 3412 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:19:28.0813 3412 WANARP - ok
18:19:28.0953 3412 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:19:28.0985 3412 Wanarpv6 - ok
18:19:29.0297 3412 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:19:29.0328 3412 wbengine - ok
18:19:29.0468 3412 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:19:29.0499 3412 WbioSrvc - ok
18:19:29.0624 3412 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:19:29.0640 3412 wcncsvc - ok
18:19:29.0702 3412 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:19:29.0718 3412 WcsPlugInService - ok
18:19:29.0796 3412 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:19:29.0811 3412 Wd - ok
18:19:29.0999 3412 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:19:30.0014 3412 Wdf01000 - ok
18:19:30.0061 3412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:19:30.0077 3412 WdiServiceHost - ok
18:19:30.0077 3412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:19:30.0108 3412 WdiSystemHost - ok
18:19:30.0201 3412 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:19:30.0217 3412 WebClient - ok
18:19:30.0311 3412 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:19:30.0357 3412 Wecsvc - ok
18:19:30.0404 3412 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:19:30.0451 3412 wercplsupport - ok
18:19:30.0638 3412 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:19:30.0669 3412 WerSvc - ok
18:19:30.0825 3412 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:30.0872 3412 WfpLwf - ok
18:19:31.0153 3412 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:19:31.0169 3412 WimFltr - ok
18:19:31.0200 3412 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:19:31.0215 3412 WIMMount - ok
18:19:31.0278 3412 WinDefend - ok
18:19:31.0278 3412 WinHttpAutoProxySvc - ok
18:19:31.0855 3412 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:19:31.0886 3412 Winmgmt - ok
18:19:32.0417 3412 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:19:32.0479 3412 WinRM - ok
18:19:32.0775 3412 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:32.0791 3412 WinUsb - ok
18:19:33.0134 3412 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:19:33.0165 3412 Wlansvc - ok
18:19:34.0195 3412 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:34.0242 3412 wlidsvc - ok
18:19:34.0273 3412 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:19:34.0289 3412 WmiAcpi - ok
18:19:34.0351 3412 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:19:34.0367 3412 wmiApSrv - ok
18:19:34.0523 3412 WMPNetworkSvc - ok
18:19:34.0725 3412 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:19:34.0741 3412 WPCSvc - ok
18:19:34.0803 3412 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:19:34.0819 3412 WPDBusEnum - ok
18:19:34.0881 3412 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:19:34.0913 3412 ws2ifsl - ok
18:19:34.0975 3412 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:19:34.0991 3412 wscsvc - ok
18:19:34.0991 3412 WSearch - ok
18:19:35.0365 3412 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:19:35.0412 3412 wuauserv - ok
18:19:35.0459 3412 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:19:35.0474 3412 WudfPf - ok
18:19:35.0630 3412 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:35.0646 3412 WUDFRd - ok
18:19:35.0771 3412 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:19:35.0786 3412 wudfsvc - ok
18:19:35.0880 3412 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:19:35.0895 3412 WwanSvc - ok
18:19:36.0473 3412 X6va005 - ok
18:19:36.0831 3412 X6va006 - ok
18:19:36.0987 3412 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
18:19:37.0003 3412 xusb21 - ok
18:19:37.0518 3412 ================ Scan global ===============================
18:19:37.0596 3412 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:19:38.0001 3412 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:19:38.0064 3412 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:19:38.0126 3412 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:19:38.0345 3412 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:19:38.0345 3412 [Global] - ok
18:19:38.0345 3412 ================ Scan MBR ==================================
18:19:38.0376 3412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:19:57.0447 3412 \Device\Harddisk0\DR0 - ok
18:19:57.0452 3412 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:19:57.0567 3412 \Device\Harddisk1\DR1 - ok
18:19:57.0567 3412 ================ Scan VBR ==================================
18:19:57.0581 3412 [ 839CAE3CD90682053A928951CD705E04 ] \Device\Harddisk0\DR0\Partition1
18:19:57.0582 3412 \Device\Harddisk0\DR0\Partition1 - ok
18:19:57.0609 3412 [ 6A4C240675737A1D5AA76703E7C4FE57 ] \Device\Harddisk0\DR0\Partition2
18:19:57.0611 3412 \Device\Harddisk0\DR0\Partition2 - ok
18:19:57.0615 3412 [ 44F901140B1D9535E4DE9E6B5D61D1CA ] \Device\Harddisk1\DR1\Partition1
18:19:57.0616 3412 \Device\Harddisk1\DR1\Partition1 - ok
18:19:57.0617 3412 ============================================================
18:19:57.0617 3412 Scan finished
18:19:57.0617 3412 ============================================================
18:19:57.0630 5108 Detected object count: 4
18:19:57.0630 5108 Actual detected object count: 4
18:20:28.0158 5108 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:20:28.0158 5108 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:20:28.0158 5108 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:28.0158 5108 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:28.0158 5108 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:28.0158 5108 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:20:28.0158 5108 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:28.0158 5108 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 10.01.2013, 18:22   #9
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 20:55   #10
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



Code:
ATTFilter
ComboFix 13-01-08.01 - Sebastian 09.01.2013  20:38:54.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8191.6144 [GMT 1:00]
ausgeführt von:: c:\users\Sebastian\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Sebastian\AppData\Local\._Revolution_
c:\users\Sebastian\AppData\Local\assembly\tmp
c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Black Ops II - Zombies.url
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infizierte Kopie von c:\windows\SysWow64\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 19:45 . 2013-01-09 19:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-09 17:18 . 2013-01-09 17:18	--------	d-----w-	c:\users\Sebastian\AppData\Roaming\Malwarebytes
2013-01-09 17:18 . 2013-01-09 17:18	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 17:18 . 2013-01-09 17:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-09 17:18 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-09 17:18 . 2013-01-09 17:18	--------	d-----w-	c:\users\Sebastian\AppData\Local\Programs
2013-01-09 16:42 . 2013-01-09 16:51	--------	d-----w-	C:\_OTL
2013-01-07 10:25 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{29EC6CA7-66AA-4D9C-BE83-8FFA6AD5EB79}\mpengine.dll
2012-12-28 15:31 . 2012-12-28 15:31	--------	d-----w-	c:\program files (x86)\JoWood
2012-12-27 06:25 . 2012-12-27 06:25	--------	d-----w-	C:\found.005
2012-12-21 20:13 . 2012-12-21 19:59	--------	d-----w-	c:\program files (x86)\UltraISO
2012-12-21 10:30 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 10:30 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 10:30 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 10:30 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-14 19:02 . 2012-12-15 11:41	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-12-14 15:40 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-14 15:40 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-14 15:39 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-14 15:28 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-14 15:28 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 12:27 . 2010-09-16 20:08	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-08 12:27 . 2010-09-16 19:56	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-08 12:27 . 2010-09-16 19:56	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 16:31 . 2011-09-14 09:44	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-12-14 15:42 . 2010-10-31 22:51	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-08 21:29 . 2010-09-16 19:56	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-10-16 08:38 . 2012-11-28 17:44	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:44	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:44	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_678E52C622D3FEC81C940F43ECEEEB26"="c:\users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
.
c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 111104]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-14 16008]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 X6va005;X6va005;c:\users\SEBAST~1\AppData\Local\Temp\005B037.tmp [x]
R3 X6va006;X6va006;c:\users\SEBAST~1\AppData\Local\Temp\006DE8D.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-11 203776]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
R4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-09-14 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-09-14 66328]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001Core.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 11:07]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1627265003-3986830729-1591313232-1001UA.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 11:07]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE: Free YouTube to MP3 Converter - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{22543460-A7FD-4930-905C-CD25A9BEA382}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{8B1B21F4-04A4-4483-BB04-CFDE8B4126B4}: NameServer = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SEBAST~1\AppData\Local\Temp\005B037.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SEBAST~1\AppData\Local\Temp\006DE8D.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:20,d9,e1,4e,f1,0a,0f,66,fc,4f,26,9f,47,ee,26,ba,aa,67,2c,ea,00,63,4b,
   7e,bc,06,8b,ca,85,39,58,b6,6a,4b,f4,ed,ac,cf,a3,57,46,7b,34,9d,ac,01,96,a6,\
"??"=hex:2c,77,f1,a2,a0,29,f5,8d,3d,74,ee,56,0c,cf,c7,49
.
[HKEY_USERS\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\SecuROM\License information*]
"datasecu"=hex:22,72,95,40,fe,bf,b7,a0,bb,9f,cb,ad,7e,d4,56,2f,56,3e,66,98,b8,
   22,5d,9e,36,e1,ad,cd,45,c8,2a,f0,e1,94,c1,75,54,dc,a0,a5,89,b3,ad,f8,28,70,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-09  20:52:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-09 19:52
.
Vor Suchlauf: 19 Verzeichnis(se), 564.388.413.440 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 564.238.286.848 Bytes frei
.
- - End Of File - - F78F9B78C0A8659C750C93806CEFA106
         

Alt 11.01.2013, 01:43   #11
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.01.2013, 12:05   #12
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



Code:
ATTFilter
WinRAR		24.08.2010		notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	28.04.2012	0,29MB	1.0.0.8 notwendig
Windows Live-Uploadtool	Microsoft Corporation	02.07.2010	0,22MB	14.0.8014.1029 notwendig
Windows Live Sync	Microsoft Corporation	02.07.2010	2,79MB	14.0.8089.726 notwendig
Windows Live ID Sign-in Assistant	Microsoft Corporation	08.07.2011	10,0MB	6.500.3165.0 notwendig
Windows Live Essentials	Microsoft Corporation	02.07.2010		14.0.8089.0726 notwendig
WildTangent-Spiele	WildTangent	02.07.2010		1.0.0.71 notwendig
VideoLAN VLC media player 0.8.6e	VideoLAN Team	09.12.2011		0.8.6e notwendig
Ubisoft Game Launcher	UBISOFT	07.06.2011		1.0.0.0 notwendig
The Elder Scrolls V: Skyrim	Bethesda Game Studios	01.01.2012		notwendig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	02.08.2012		3.0.8.1 notwendig
Steam(TM)	Valve	06.08.2010	16,6MB	1.0.0.0 notwendig
Spec Ops: The Line	YAGER	22.09.2012		 notwendig
Skype™ 5.10	Skype Technologies S.A.	21.10.2012	19,4MB	5.10.116 notwendig
Six Updater	Six Projects	27.07.2012	38,7MB	2.09.7016 unnötig
Saints Row 2	Volition	02.12.2011		notwendig
RESIDENT EVIL 5	CAPCOM CO., LTD.	08.07.2011	6.939MB	1.0.0.129 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.06.2011		6.0.1.5963 notwendig
QuickTime	Apple Inc.	13.01.2012	73,3MB	7.71.80.42 notwendig 
PunkBuster Services	Even Balance, Inc.	12.01.2012		0.991 notwendig
Portal	Valve	02.12.2011		notwendig
PlanetSide 2	Sony Online Entertainment	29.11.2012		unnötig
Pando Media Booster	Pando Networks Inc.	03.08.2012	5,47MB	2.6.0.8 unbekannt
Origin	Electronic Arts, Inc.	11.03.2012		8.5.0.4554 notwendig
NVIDIA PhysX	NVIDIA Corporation	12.10.2012	99,2MB	9.11.1111 unnötig
NCsoft Launcher	NCsoft	13.03.2012		1.5.19002 unöttig
NC Launcher (GameForge)	NCsoft	13.03.2012		unnötig
Mozilla Thunderbird 17.0 (x86 de)	Mozilla	14.12.2012	41,9MB	17.0 notwendig
Mozilla Maintenance Service	Mozilla	14.12.2012	0,32MB	17.0 notwendig
Mobile Partner	Huawei Technologies Co.,Ltd	14.08.2011		16.002.03.01.40 notwendig
Microsoft XNA Framework Redistributable 3.1	Microsoft Corporation	23.01.2011	7,55MB	3.1.10527.0 notwendig
Microsoft Xbox 360 Accessories 1.2	Microsoft	28.12.2011	7,82MB	1.20.146.0 notwendig
Microsoft WSE 3.0 Runtime	Microsoft Corp.	14.09.2010	0,92MB	3.0.5305.0 notwendig
Microsoft Works 6-9 Converter	Microsoft Corporation	04.09.2012	1,17MB	14.0.6120.5002 notwendig
Microsoft Works	Microsoft Corporation	10.10.2012	1.000MB	9.7.0621 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.01.2012	15,0MB	10.0.40219 notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	15.04.2011	13,7MB	10.0.30319 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,59MB	9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.08.2010	0,58MB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.07.2010	0,58MB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	17.09.2011	0,23MB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	20.09.2010	1,42MB	9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,77MB	9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	03.08.2010	0,77MB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	13.09.2011	0,25MB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	15.04.2011	0,58MB	9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	15.04.2011	0,77MB	9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	11.07.2010	0,20MB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	15.04.2011	0,57MB	8.0.51011 notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	22.12.2010	0,68MB	8.0.61000 notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	03.10.2012	2,38MB	8.0.59193 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	10.07.2010	0,25MB	8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	24.12.2010	0,25MB	8.0.50727.4053 notwendig
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	02.07.2010	1,45MB	1.0.1215.0 notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	02.07.2010	0,61MB	1.0.1215.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	02.07.2010	1,72MB	3.1.0000 notwendig
Microsoft Silverlight	Microsoft Corporation	15.05.2012	50,7MB	5.1.10411.0 notwendig
Microsoft Office Suite Activation Assistant	Microsoft Corporation	02.07.2010	8,37MB	2.9 notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013	121,1MB	12.0.6612.1000 notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	28.06.2012	0,50MB	2.0.4024.1 notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	29.03.2012		12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	13.09.2011	7,95MB	14.0.5130.5003 notwendig
Microsoft Games for Windows Marketplace	Microsoft Corporation	08.07.2011	6,04MB	3.5.50.0 notwendig
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	25.11.2011	31,3MB	3.5.92.0 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	13.02.2011	2,94MB	4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	13.02.2011	38,8MB	4.0.30319 notwendig
Microsoft .NET Framework 1.1		11.02.2011		notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	08.01.2013	18,5MB	1.70.0.1100 notwendig
Logitech Gaming Software 8.01	Logitech Inc.	13.09.2011	28,7MB	8.01.120 notwendig
Left 4 Dead	Valve	25.11.2010		notwendig
Java(TM) 6 Update 24	Sun Microsystems, Inc.	02.07.2010	97,2MB	6.0.240 notwendig
Java(TM) 6 Update 20 (64-bit)	Sun Microsystems, Inc.	02.07.2010	90,6MB	6.0.200 notwendig
Intel® Matrix Storage Manager	Intel Corporation	02.07.2010	 notwendig	
ICQ7.6	ICQ	03.11.2011		7.6 notwendig
Hercules Webcam		29.01.2011		notwendig
Hercules Classic Silver	Hercules	02.01.2012		3.2.2.1 notwendig
Half-Life 2: Deathmatch	Valve	22.02.2011		notwendig
Guild Wars 2	NCsoft Corporation, Ltd.	14.09.2012		notwendig
Grand Theft Auto IV	Rockstar	19.10.2012		notwendig
Gothic 3	JoWood	27.12.2012	3.050MB	1.0.0 notwendig
Google Chrome	Google Inc.	10.02.2012		23.0.1271.97 notwendig
Free YouTube to MP3 Converter version 3.11.32.918	DVDVideoSoft Ltd.	20.09.2012	60,9MB	3.11.32.918 notwendig
Fraps (remove only)		02.01.2012		notwendig
Fallout 3	Bethesda Softworks	25.11.2011		1.00.0000 unnötig
Fable III	Microsoft Game Studios	31.08.2012		1.0.0000.131 notwendig
ESN Sonar	ESN Social Software AB	06.12.2012		0.70.4 notwendig
EAX4 Unified Redist	Creative Labs	20.05.2011	0,16MB	4.001 notwendig
DVD Shrink 3.2	DVD Shrink	07.08.2012		notwendig
Dragon Age: Origins	Electronic Arts, Inc.	27.08.2011		1.00 notwendig
Dishonored	Bethesda Softworks	12.10.2012		1.0 notwendig
Diablo III	Blizzard Entertainment	20.12.2012		1.0.6.13644 notwendig
Dell Support Center (Support Software)	Dell	02.07.2010		2.5.09100 unnötig
Dell Resource CD	Ihr Firmenname	12.09.2011	3,00MB	1.00.0000 unnötig
Dell Getting Started Guide	Dell Inc.	02.07.2010		1.00.0000 notwendig
Dell Dock	Stardock Corporation	03.07.2010		notwendig
Dell Dock		02.07.2010		notwendig
Dell DataSafe Online	Dell, Inc.	02.07.2010		1.2.0011 notwendig
Dell DataSafe Local Backup - Support Software	Dell	02.07.2010		2.41notwendig
Dell DataSafe Local Backup	Dell	02.07.2010		9.3.92 notwendig
DayZ Commander	Dotjosh Studios	13.10.2012	3,95MB	0.9.90 unnötig
Day of Defeat: Source	Valve	01.12.2010		unnötig
CPUID CPU-Z 1.62		06.12.2012	3,19MB	unnötig
Counter-Strike: Source	Valve	06.08.2010	3.844MB	1.0.0.0 notwendig
Counter-Strike: Source	Valve	08.12.2012		notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	216MB	12.0.6612.1000 notwendig
CCleaner	Piriform	13.09.2011		3.10 notwendig
Camtasia Studio 7	TechSmith Corporation	02.01.2012	219MB	7.0.1 unnötig
Call of Duty: Modern Warfare 3 - Multiplayer	Infinity Ward - Sledgehammer Games	01.01.2012		notwendig
Call of Duty: Modern Warfare 3 - Dedicated Server	Infinity Ward - Sledgehammer Games	01.01.2012		notwendig
Call of Duty: Modern Warfare 3	Infinity Ward - Sledgehammer Games	01.01.2012	notwendig	
Call of Duty: Black Ops II - Zombies		21.12.2012	unnötig	
Call of Duty: Black Ops II - Multiplayer		25.12.2012	 unnötig	
Call of Duty: Black Ops II		21.12.2012		unnötig
Call of Duty 4: Modern Warfare	Infinity Ward	06.01.2011	 unnötig	
Borderlands	Gearbox Software	12.10.2012		unnötig
BioShock	2K Games	09.06.2011		2.62.0000		unnötig
BattlEye for OA Uninstall		27.07.2012		unnötig
Battlelog Web Plugins	EA Digital Illusions CE AB	06.12.2012		2.1.2 notwendig
Battlefield: Bad Company™ 2	Electronic Arts	29.12.2011	5.869MB	1.0.0.0      	           notwendig	
Battlefield 3™	Electronic Arts	06.12.2012		1.0.0.0 			notwendig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	28.10.2012	61,8MB	10.2.0.719  notwendig
AutoHotkey 1.1.02.03	AutoHotkey Community	25.08.2011		1.1.02.03		notwendig
ATI Stream SDK v2 Developer	ATI Technologies Inc.	11.02.2011	51,9MB	2.3.0.0         notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	11.02.2011	22,4MB	3.0.808.0    notwendig
Assassin's Creed II	Ubisoft	07.06.2011		1.01				notwendig
ARMA 2	Bohemia Interactive	26.07.2012						unnötig
applicationupdater	Sony Online Entertainment	29.11.2012				notwendig	
Apple Software Update	Apple Inc.	19.09.2011	2,38MB	2.1.3.127
Apple Application Support	Apple Inc.	13.01.2012	61,2MB	2.1.5			unnötig
Akamai NetSession Interface Service		22.01.2012				unnötig	
AION Free-To-Play	Gameforge	13.03.2012	22,6MB	2.70.0000			unnötig
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	02.03.2011		11.5.9.620		notwendig
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	16.06.2011	164,9MB	9.4.5	notwendig
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	02.01.2012	6,00MB	11.1.102.55 notwendig
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	02.01.2012	6,00MB	11.1.102.55 notwendig
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	18.03.2011	6,00MB	10.2.152.32 notwendig
Adobe AIR	Adobe Systems Incorporated	31.08.2011		2.7.1.19610 notwendig
7-Zip 9.20 (x64 edition)	Igor Pavlov	05.05.2012	4,53MB	9.20.00.0    notwendig
         

Alt 13.01.2013, 17:51   #13
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



deinstaliere:
VideoLAN
aktuell:
VideoLAN - Official page for VLC media player, the Open Source video framework!
Six
PlanetSide
NCsoft
NC Launcher
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Fallout
DayZ
Day of
CPUID
Camtasia
Borderlands
BioShock
ARMA
Akamai
AION
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 10:47   #14
marmeladelow
 
gvu trojaner - Standard

gvu trojaner



bei adobe reader kann ich in den einstellungen updater/automatisch installieren nicht anwählen, da alle drei optionen grau hinterlegt sind

nach erneuter installation hat alles geklappt

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 14/01/2013 um 12:24:21 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Sebastian - SEBASTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sebastian\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\Sebastian\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Sebastian\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Sebastian\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKU\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-1627265003-3986830729-1591313232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4887 octets] - [14/01/2013 12:24:21]

########## EOF - C:\AdwCleaner[R1].txt - [4947 octets] ##########
         

Alt 15.01.2013, 20:24   #15
markusg
/// Malware-holic
 
gvu trojaner - Standard

gvu trojaner



hi
ok das mit den Updates können wir dann auch anders regeln.
fo

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

starte bitte neu, teste, wie der PC läuft + Programme wie Browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu gvu trojaner
antivir, betreten, bruder, compu, computer, gepostet, gvu trojaner, heute, kleiner, problembehandlung, schätze, seite, thema, troja, trojane, trojaner, trotz, unsicher, unterschiedlich, warnung, öfter




Zum Thema gvu trojaner - hallo trojanerboarder, seit mein kleiner bruder heute mittag an meinem pc war habe ich den gvu trojaner, ich schätze das er trotz warnung durch antivir eine unsicher seite betreten hat. - gvu trojaner...
Archiv
Du betrachtest: gvu trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.