Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.01.2013, 19:14   #1
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hallo,

bin leider auch Opfer des GVU Trojaners geworden.
Habe daraufhin eine Systemwiederherstellung gemacht und nun läuft soweit eigentlich auch alles wieder, ich bin mir jedoch sehr unsicher ob evtl noch irgendwo Reste des Trojaners auf meinem PC schlummern. Falls ja würde ich die natürlich gerne entfernen.

Habe schon Scans mit Malwarebytes Anti Malware und OTL gemacht:

Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTINSPC [Administrator]

13.01.2013 14:41:09
mbam-log-2013-01-13 (14-41-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 583657
Laufzeit: 3 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL OTL.txt:
Code:
ATTFilter
OTL logfile created on: 13.01.2013 18:35:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,15% Memory free
7,84 Gb Paging File | 6,08 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,18 Gb Total Space | 75,85 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
 
Computer Name: MARTINSPC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\lotus\notes\ntmulti.exe (IBM Corp)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AirPrint) -- C:\AirPrint\airprint.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (Multi-user Cleanup Service) -- C:\Program Files (x86)\lotus\notes\ntmulti.exe (IBM Corp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZMGHPAudioSrv) -- C:\Windows\SysNative\drivers\zmghpau.sys (ZOOM)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 29 98 CB 27 B3 CB 01  [binary data]
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes,DefaultScope = {FC21BC8F-18E2-460C-A718-69A1D468D67F}
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{FC21BC8F-18E2-460C-A718-69A1D468D67F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/#inbox"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..network.proxy.ssl: "70.38.90.211"
FF - prefs.js..network.proxy.ssl_port: 1080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011.06.29 19:39:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.23 12:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.09 17:30:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 12:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 01:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.05 11:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 12:09:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 01:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.05 11:13:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.23 19:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.11.23 19:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.22 18:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\kylo@hcrest.com
[2012.10.23 10:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions
[2012.07.25 13:48:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.17 22:15:16 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions\ich@maltegoetz.de
[2012.12.18 14:55:38 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
[2012.08.08 16:32:53 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-10.xml
[2012.09.07 19:52:46 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-11.xml
[2012.09.16 15:19:52 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-12.xml
[2012.10.23 08:57:57 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-13.xml
[2012.11.08 08:48:00 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-14.xml
[2012.01.01 20:55:54 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
[2012.02.08 19:24:37 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
[2012.03.24 11:07:00 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-4.xml
[2012.04.01 20:14:49 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-5.xml
[2012.04.18 16:36:04 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-6.xml
[2012.05.16 08:09:22 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-7.xml
[2012.07.10 07:37:24 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-8.xml
[2012.07.24 10:07:18 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-9.xml
[2011.11.11 19:50:58 | 000,001,056 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin.xml
[2012.10.30 12:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.30 12:08:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.23 12:06:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.09 17:30:18 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.30 12:09:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 08:08:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: JAM mit Chrome = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggjdpbfjakfkacljidachigalghbnpk\0.2_0\
CHR - Extension: Gmail offline = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Uno = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnlcclaocpblfckpfgmpdfndodkofpo\2.3.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000..\Run: [Akamai NetSession Interface] C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\OC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx (nvUnifiedControl Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45931A56-8EBF-4F6A-8FCF-5A5F6D70B8FE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DCD71DF-0535-4651-8A97-1937535B4ED0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51099237-9ACA-46C6-B201-A017EA5F074C}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1056F4E-80D1-4F9D-ABF5-5C304FC62BD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F384CFFF-602A-4CF4-819F-FF28E3768200}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3F9B12-31D3-4E16-B614-AD95E9F5C7A5}: DhcpNameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{20c0f615-d5d4-11df-91b7-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{20c0f615-d5d4-11df-91b7-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2ae40e36-1e6f-11e2-a0aa-506313fecb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae40e36-1e6f-11e2-a0aa-506313fecb7c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{2ae40e44-1e6f-11e2-a0aa-506313fecb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae40e44-1e6f-11e2-a0aa-506313fecb7c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a633312-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633312-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9a633321-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633321-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9a633336-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633336-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 14:55:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.01.13 14:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 14:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 14:31:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 14:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs
[2013.01.13 10:10:59 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.12 19:29:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.11 19:28:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neue Songidee
[2013.01.09 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.09 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.09 14:30:34 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup326.exe
[2013.01.07 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Updater
[2013.01.07 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.07 17:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.07 17:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zugaben
[2013.01.07 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Technische Informationen
[2013.01.07 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kundendienst
[2013.01.07 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hilfe
[2013.01.07 17:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(R) Photoshop(R) CS2
[2013.01.07 17:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Solutions Network
[2013.01.07 17:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe DNG Converter
[2013.01.07 17:13:57 | 683,444,704 | ---- | C] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\ID_CS2_GR_NonRet.exe
[2013.01.07 17:12:59 | 375,232,764 | ---- | C] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\PS_CS2_Gr_NonRet.exe
[2013.01.06 11:19:32 | 000,000,000 | ---D | C] -- C:\Sonstiges (Ordner vom Desktop)
[2013.01.05 12:09:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Steganos
[2013.01.05 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Steganos
[2013.01.05 12:05:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Steganos
[2012.12.22 13:13:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 13:13:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 13:12:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 13:12:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.08.06 21:44:32 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC9C4.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 18:24:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000UA.job
[2013.01.13 18:19:13 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 18:19:13 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 18:19:13 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 18:19:13 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 18:19:13 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.13 18:19:12 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 18:19:12 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 18:12:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 18:11:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 18:11:22 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 18:02:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 17:42:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 14:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 14:31:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 10:11:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.09 19:42:12 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 19:42:12 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 14:44:36 | 000,208,200 | ---- | M] () -- C:\Users\Martin\Desktop\cc_20130109_144409.reg
[2013.01.09 14:30:34 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup326.exe
[2013.01.08 08:01:28 | 000,483,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.07 17:20:02 | 000,001,385 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.07 17:16:13 | 683,444,704 | ---- | M] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\ID_CS2_GR_NonRet.exe
[2013.01.07 17:14:28 | 375,232,764 | ---- | M] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\PS_CS2_Gr_NonRet.exe
[2013.01.06 21:49:55 | 000,017,408 | ---- | M] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2013.01.06 16:11:34 | 000,001,011 | ---- | M] () -- C:\Users\Martin\Desktop\Studiumsordner Master.lnk
[2013.01.05 12:28:41 | 000,250,880 | ---- | M] () -- C:\Users\Martin\Documents\Martin.stb
[2012.12.28 19:03:49 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000Core.job
[2012.12.22 16:16:34 | 000,001,012 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.13 14:31:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 14:44:15 | 000,208,200 | ---- | C] () -- C:\Users\Martin\Desktop\cc_20130109_144409.reg
[2013.01.07 17:23:39 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.07 17:20:02 | 000,001,385 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.07 17:19:31 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.01.07 17:18:35 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.01.07 17:18:35 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.01.06 16:11:19 | 000,001,011 | ---- | C] () -- C:\Users\Martin\Desktop\Studiumsordner Master.lnk
[2013.01.05 12:10:30 | 000,250,880 | ---- | C] () -- C:\Users\Martin\Documents\Martin.stb
[2012.06.02 20:59:27 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2012.04.06 10:17:46 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.03.25 16:55:46 | 000,001,654 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.19 19:59:19 | 000,001,465 | ---- | C] () -- C:\Users\Martin\.recently-used.xbel
[2012.01.02 15:37:32 | 000,000,214 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.12.03 23:00:23 | 000,000,032 | ---- | C] () -- C:\Users\Martin\.simfy
[2011.06.15 11:02:40 | 000,000,680 | RHS- | C] () -- C:\Users\Martin\ntuser.pol
[2010.12.09 10:50:14 | 000,005,632 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.29 14:08:16 | 000,007,597 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2010.07.17 17:45:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2005.04.07 15:07:40 | 000,014,601 | ---- | C] () -- C:\Program Files\Installationsanleitung.html
[2005.04.04 17:56:36 | 000,003,580 | ---- | C] () -- C:\Program Files\Bitte zuerst lesen.html
[2005.03.24 15:28:56 | 000,383,996 | ---- | C] () -- C:\Program Files\Photoshop Neue Funktionen.pdf
[2005.02.25 14:37:00 | 000,157,035 | ---- | C] () -- C:\Program Files\LegalNotices.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 13.01.2013 18:35:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,15% Memory free
7,84 Gb Paging File | 6,08 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,18 Gb Total Space | 75,85 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
 
Computer Name: MARTINSPC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Sync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "sync" ()
Directory [UnSync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "unsync" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Sync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "sync" ()
Directory [UnSync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "unsync" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A8865-2E9C-4F3B-9E98-47AECB3624D9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{05B834D0-1BC1-4126-A954-B1898C96DC54}" = rport=139 | protocol=6 | dir=out | app=system | 
"{06643F01-96BB-4841-BC38-64EF4F1DCE22}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33285391-B261-4E03-A764-338221D7C28B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{336D97D7-87B9-4445-8187-7D71D2DD4DAD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{33832219-9428-48BF-B323-BE68A7A87A72}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35941AEC-5939-4A78-98E9-0B419213107C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{369A4679-3934-44CD-AF06-19B916016FAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{39CCE483-8859-4B2B-8247-65E3E57E5180}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4D1EA229-127C-4EAE-81FE-1FE8AE3F1332}" = lport=139 | protocol=6 | dir=in | app=system | 
"{59B3F198-AB6E-42D0-A2DE-314D9762ABA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72FDD0E4-8E66-4D15-A88E-9C28530FFFCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75046C3F-41A1-40CC-9DC2-ABAFED33F3DC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7C6B8B4D-8DA4-4BAB-BB2B-94B1B3C75098}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8408BC85-54C0-4D73-95B3-F33EC5EA7A89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8809A5B9-2FA4-490E-A550-AC5EA54FDA56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CDF11FF-8797-4CBC-8846-40873D08EDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{956E6DD1-36E6-4DA9-8222-59DECCA494B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{97659EB5-954B-4AEC-8433-92B63DA84839}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C82CFFF-F848-4713-B509-C0671F41D5DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2757510-177B-4D44-B67A-8185D21897B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8CA1116-5A73-440D-9CD2-1C7475B07FEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2C1AC4C-5820-42A7-9428-9C76799C03FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC64F579-D6FC-4274-BDC0-BB2987025462}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FEBF3BB4-614C-4E81-B40E-189FA42E0FF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0311A9E6-A93A-453A-83A9-CF47D6488A08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{035CC1F6-F313-4D3B-B4B6-22A695A459B2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{070D7935-7FC0-4A64-8276-B7660085D8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{0A175C76-605B-45D9-BF16-2B592E8077B9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{0A825122-4B0D-4135-B8C4-A06EFE35C14E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E848F08-DEAA-4172-890C-1B6774D9605A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1702A3EF-8033-402F-9AFE-AE2775A17534}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1799EB9E-66A2-4656-9965-CB7309727A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DA72836-B65F-4DBC-83A2-2C67174F4DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{224FCB1A-896C-4F4B-90FC-2193922E3413}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3185293F-AE13-41A2-A7C4-221A9AB38637}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{33BCE6E1-87CC-4031-AEDE-8999029499B1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{34FC5682-7856-49AD-A42C-1F9083D90A8B}" = protocol=6 | dir=out | app=system | 
"{42C5CA36-1789-4CF2-BB93-2DEFA39DD05E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4375B052-80B0-464A-9C63-EEA81F3F183C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{450F3E58-6F95-4033-A508-4A6AA7366572}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{46269730-DAAC-4B93-BD4F-1EDC35E16AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4A1C7230-AFD5-47F2-99B7-7992B7B3599B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A32ED55-EBE5-47BB-AA32-EA1256AFDFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A4F7E28-EB22-443D-B68E-74F420DDD7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4C2EAB61-C271-47AB-AEA4-48D506EACA71}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbtcoms.exe | 
"{4D9845B6-5C94-4209-B069-ED70597B5AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5599911A-3815-47FB-95FE-A40CE7E02C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{579EE610-774D-4B79-8212-ECC34B9351D7}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{59FE587E-814A-4A29-A8E8-67B8FB926E58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{605D6637-1EC9-4B47-9456-212C4DFAE5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6911A9CF-7056-4DD5-B5E7-51B87129D5E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75241699-4299-4082-95BB-86264DDF1CA6}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7C4B4F0A-AE01-4982-9343-014CA24322ED}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"{7C6C7B51-CEF2-4088-9C8D-A93742AFA1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{7F6F70B4-FB19-405D-BE03-A54945ED8B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{82D15CE2-6389-4F04-A73C-79DEC95052DA}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{82F66A2E-D0DE-44E8-84E5-9447FAC503C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{850352B8-F918-4363-95D2-0381731A1FC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{853A11B8-5713-47C0-9FF1-CFD1C087FA4E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{87516F67-3D65-4CA8-8EB1-793C7CF9EBBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8B2086A3-4B45-41D2-BDCF-68FF2B2EAD8C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{8B4DB1AC-7A6F-4EBA-83EA-83DDE733EDED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B7F6EA-225D-4FBC-889A-F74F3755F587}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{940791BE-BAD8-4E4A-A4D5-487D1E1C4570}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A23D1597-8215-49F1-8378-1BBE7EC2EEA5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B11C37AC-87F9-47F7-830A-3121059F9999}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{B1641F1B-6995-421A-B455-BD953E4DD6C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B223BFDD-973E-49DD-AF17-B460EB3AA49C}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"{B4B8C049-ADDA-4EDE-ADB9-B30482A185E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{B4CE667D-1E39-4F41-8D29-D2EBFABD6E1B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B508ABE3-93A1-41DB-81EA-E50816AB6EB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B54A7C4E-6254-4F74-987B-AB684A46B429}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B9B120C7-16C7-438D-8D23-6B42D2C72CC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCE22A4F-E666-4921-BA85-39F6F2A466B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbtcoms.exe | 
"{BD5FE832-6E62-42A8-87F0-D51D0D4B314B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C564A6B0-532B-434C-9EC0-403A0A860192}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C792D291-ECF9-45FD-90C4-70DA6333B7B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8473FD1-4DE3-47D5-A23D-8397377DC3EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DBA5091B-A445-4C61-88A5-B4E1216EFC11}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DF9E4A91-D941-4291-8D56-844F034F5620}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EBD601D1-D330-4C3A-807E-4681AB82435D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{F34FE6B8-A705-4B86-A683-EB56D5C49D00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F5272B99-50CF-4940-B16C-18ADE136308C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FB010101-047B-4D41-AF44-CABE0F745257}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{1122BA26-0F96-436F-A2D6-22C601945B3D}C:\program files (x86)\virtualdj\virtualdj_home.exe" = protocol=6 | dir=in | app=c:\program files (x86)\virtualdj\virtualdj_home.exe | 
"TCP Query User{16FE2BBF-1C03-4BA2-8929-1758A334880A}C:\users\martin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3B459A15-ADDA-4E0C-829F-22477DA9DC49}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{494586BA-CF9F-4397-91FD-776D0D29164B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{869A7A45-F9C4-43F0-9BD5-C9D00305F094}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{9C0DCA06-58F7-4EEF-BF8D-D4F9B6DF23C0}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{9E1A6829-D483-4873-B99D-489660DBDAF8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{AB40A49C-4A85-4946-843E-ACAE7C2BCF02}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BBF88F12-7047-453B-8617-5A683A0C8F40}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{DA4CE5B2-0407-4C4E-BCCE-183E43E71687}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{E2BCF841-2066-4E77-BCB1-A46D36A3CEDD}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{F41BC49E-5027-4D00-9384-611F25DC53B0}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{07485489-66EB-44A1-86D1-113CB6A5A897}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{4C7C3D7D-4FDD-4613-BC42-BB2494ACD87E}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{54929F9A-1D9F-48EE-984F-6AFC512DE9C2}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{59C4DA2E-4819-44FA-99FE-704497A0DEAA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{61233511-9950-47F6-84FF-132126A2940D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AFF482CE-C687-463C-B826-613CD56D4D82}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B1490084-99CE-44AD-BFCF-DFC53D5C2ECD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B4B741BD-71A7-4180-9735-3DD485952B4D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{C1234638-D4B5-47CD-B6A9-0E91249EC3E6}C:\users\martin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D86503B7-FEB5-4645-9E4F-A50225A38628}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{FBE88061-877E-47FB-B0E8-5006DEB69DC4}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{FDAD5F5C-D690-4773-9AD3-40E16A6E8D53}C:\program files (x86)\virtualdj\virtualdj_home.exe" = protocol=17 | dir=in | app=c:\program files (x86)\virtualdj\virtualdj_home.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Sandboxie" = Sandboxie 3.66 (64-bit)
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A7970BE-2F8A-4004-ABE9-4CDB55A216E6}" = Lotus Notes 7.0
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.078
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Allway Sync_is1" = Allway Sync version 10.5.8
"Anki" = Anki
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DarkWave Studio" = DarkWave Studio 3.0.7
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"EES - Engineering Equation Solver" = EES - Engineering Equation Solver
"eLicenser Control" = eLicenser Control
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"GPL Ghostscript 9.05" = GPL Ghostscript
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed High Stakes" = Need for Speed
"Opera 12.12.1707" = Opera 12.12
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PDF Blender" = PDF Blender
"RWTH OpenVPN Client" = RWTH OpenVPN Client 2.1_rc19c
"Samplitude Music Studio 15 D" = Samplitude Music Studio 15 15.0.1.0 (D)
"ST5UNST #1" = Kaminfeuer Comprehensive Edition Free
"TMM10R_ec433b07-afd9-4112-b13f-c04b24e0211c" = TELL ME MORE
"TmNationsForever_is1" = TmNationsForever
"TrueCrypt" = TrueCrypt
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 2.0.2
"VST Bridge_is1" = VST Bridge 1.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2013 12:31:19 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.01.2013 14:17:04 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 08:29:02 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 10:20:26 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error - 12.01.2013 20:08:29 | Computer Name = MartinsPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b8479a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001db99
ID
 des fehlerhaften Prozesses: 0xca4  Startzeit der fehlerhaften Anwendung: 0x01cdf1220be5ba7b
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: 5bb56fe2-5d15-11e2-b4bd-0024bec4c5f7
 
Error - 12.01.2013 20:54:11 | Computer Name = MartinsPC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 13.01.2013 04:28:13 | Computer Name = MartinsPC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
 connection has been canceled during its initiation. 
 
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 13.01.2013 13:12:51 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
 (0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
 a policy check server name: vpn-unidsl.rwth-aachen.de
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
 connection has been canceled during its initiation. 
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 12.01.2013 20:34:30 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.01.2013 20:34:30 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.01.2013 20:34:32 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  truecrypt  vflt
vwififlt
Wanarpv6
WfpLwf
 
Error - 12.01.2013 20:34:55 | Computer Name = MartinsPC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 20:54:11 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 13.01.2013 04:28:13 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Peernetzwerkidentitäts-Manager erreicht.
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
 
< End of report >
         
Vielen Dank schon mal für die Hilfe!

Alt 13.01.2013, 20:07   #2
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hi
denjenigen, der solche schrottigen Tipps wie Systemwiederherstellung bei Malware zu nutzen ins netz stellt, müsste man verprügeln :d
bitte finger weg von der SWH bei Malware befall
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
__________________

__________________

Alt 13.01.2013, 20:19   #3
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hey, danke für die schnelle Antwort. Habe den Ordner hochgeladen...

Weshalb sollte man denn keine Systemwiederherstellung bei Malwarebefall machen?
__________________

Alt 13.01.2013, 20:20   #4
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



hi,
1. kann bei unvollständiger löschung das System evtl. nicht mehr starten.
2. funktionieren einige Programmenicht mehr ordnungsgemäß
3. erschwert das die analyse
s killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.01.2013, 20:32   #5
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hier der log:

Code:
ATTFilter
20:26:03.0718 4868  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:26:03.0859 4868  ============================================================
20:26:03.0859 4868  Current date / time: 2013/01/13 20:26:03.0859
20:26:03.0859 4868  SystemInfo:
20:26:03.0859 4868  
20:26:03.0859 4868  OS Version: 6.1.7601 ServicePack: 1.0
20:26:03.0859 4868  Product type: Workstation
20:26:03.0859 4868  ComputerName: MARTINSPC
20:26:03.0874 4868  UserName: Martin
20:26:03.0874 4868  Windows directory: C:\Windows
20:26:03.0874 4868  System windows directory: C:\Windows
20:26:03.0874 4868  Running under WOW64
20:26:03.0874 4868  Processor architecture: Intel x64
20:26:03.0874 4868  Number of processors: 4
20:26:03.0874 4868  Page size: 0x1000
20:26:03.0874 4868  Boot type: Normal boot
20:26:03.0874 4868  ============================================================
20:26:04.0576 4868  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:04.0592 4868  ============================================================
20:26:04.0592 4868  \Device\Harddisk0\DR0:
20:26:04.0592 4868  MBR partitions:
20:26:04.0592 4868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139F000, BlocksNum 0x32000
20:26:04.0592 4868  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D1000, BlocksNum 0x2405D2B0
20:26:04.0592 4868  ============================================================
20:26:04.0670 4868  C: <-> \Device\Harddisk0\DR0\Partition2
20:26:04.0748 4868  G: <-> \Device\Harddisk0\DR0\Partition1
20:26:04.0748 4868  ============================================================
20:26:04.0748 4868  Initialize success
20:26:04.0748 4868  ============================================================
20:26:41.0314 3308  ============================================================
20:26:41.0314 3308  Scan started
20:26:41.0314 3308  Mode: Manual; SigCheck; TDLFS; 
20:26:41.0314 3308  ============================================================
20:26:41.0829 3308  ================ Scan system memory ========================
20:26:41.0829 3308  System memory - ok
20:26:41.0829 3308  ================ Scan services =============================
20:26:42.0079 3308  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:26:42.0204 3308  1394ohci - ok
20:26:42.0422 3308  [ 656F06850D02BAED19F0E2E72B047CE2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
20:26:42.0469 3308  ABBYY.Licensing.FineReader.Professional.11.0 - ok
20:26:42.0547 3308  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:26:42.0578 3308  ACPI - ok
20:26:42.0640 3308  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:26:42.0734 3308  AcpiPmi - ok
20:26:42.0812 3308  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
20:26:42.0874 3308  acsock - ok
20:26:42.0999 3308  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:26:43.0030 3308  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:26:43.0030 3308  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:26:43.0202 3308  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:43.0233 3308  AdobeFlashPlayerUpdateSvc - ok
20:26:43.0296 3308  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:26:43.0327 3308  adp94xx - ok
20:26:43.0358 3308  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:26:43.0374 3308  adpahci - ok
20:26:43.0405 3308  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:26:43.0420 3308  adpu320 - ok
20:26:43.0436 3308  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:26:43.0514 3308  AeLookupSvc - ok
20:26:43.0576 3308  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:26:43.0670 3308  AFD - ok
20:26:43.0732 3308  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:26:43.0748 3308  agp440 - ok
20:26:43.0826 3308  AirPrint - ok
20:26:44.0091 3308  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll
20:26:44.0310 3308  Akamai - ok
20:26:44.0356 3308  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:26:44.0434 3308  ALG - ok
20:26:44.0512 3308  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:26:44.0544 3308  aliide - ok
20:26:44.0559 3308  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:26:44.0575 3308  amdide - ok
20:26:44.0637 3308  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:26:44.0700 3308  AmdK8 - ok
20:26:44.0731 3308  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:26:44.0762 3308  AmdPPM - ok
20:26:44.0824 3308  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:26:44.0856 3308  amdsata - ok
20:26:44.0887 3308  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:26:44.0902 3308  amdsbs - ok
20:26:44.0918 3308  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:26:44.0934 3308  amdxata - ok
20:26:45.0012 3308  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:26:45.0043 3308  AntiVirSchedulerService - ok
20:26:45.0074 3308  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:26:45.0090 3308  AntiVirService - ok
20:26:45.0168 3308  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:26:45.0246 3308  AppID - ok
20:26:45.0292 3308  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:26:45.0355 3308  AppIDSvc - ok
20:26:45.0402 3308  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:26:45.0480 3308  Appinfo - ok
20:26:45.0589 3308  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:45.0604 3308  Apple Mobile Device - ok
20:26:45.0651 3308  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:26:45.0729 3308  AppMgmt - ok
20:26:45.0776 3308  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:26:45.0792 3308  arc - ok
20:26:45.0807 3308  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:26:45.0823 3308  arcsas - ok
20:26:45.0870 3308  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:45.0948 3308  AsyncMac - ok
20:26:46.0010 3308  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:26:46.0026 3308  atapi - ok
20:26:46.0104 3308  [ DACE94C8AB40EFCD819C023F51C60C2E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:26:46.0213 3308  athr - ok
20:26:46.0291 3308  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:26:46.0400 3308  AudioEndpointBuilder - ok
20:26:46.0416 3308  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:26:46.0462 3308  AudioSrv - ok
20:26:46.0525 3308  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:46.0556 3308  avgntflt - ok
20:26:46.0572 3308  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:26:46.0587 3308  avipbb - ok
20:26:46.0603 3308  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:46.0618 3308  avkmgr - ok
20:26:46.0712 3308  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
20:26:46.0774 3308  avmaudio - ok
20:26:46.0837 3308  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:26:46.0977 3308  AxInstSV - ok
20:26:47.0024 3308  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:26:47.0071 3308  b06bdrv - ok
20:26:47.0118 3308  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:47.0180 3308  b57nd60a - ok
20:26:47.0242 3308  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:26:47.0305 3308  BDESVC - ok
20:26:47.0336 3308  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:26:47.0414 3308  Beep - ok
20:26:47.0523 3308  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:26:47.0632 3308  BFE - ok
20:26:47.0695 3308  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:26:47.0788 3308  BITS - ok
20:26:47.0835 3308  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:47.0882 3308  blbdrive - ok
20:26:47.0991 3308  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:26:48.0007 3308  Bonjour Service - ok
20:26:48.0085 3308  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:26:48.0147 3308  bowser - ok
20:26:48.0194 3308  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:26:48.0288 3308  BrFiltLo - ok
20:26:48.0319 3308  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:26:48.0366 3308  BrFiltUp - ok
20:26:48.0428 3308  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:26:48.0490 3308  Browser - ok
20:26:48.0537 3308  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:26:48.0568 3308  Brserid - ok
20:26:48.0584 3308  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:48.0646 3308  BrSerWdm - ok
20:26:48.0662 3308  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:48.0724 3308  BrUsbMdm - ok
20:26:48.0787 3308  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:48.0834 3308  BrUsbSer - ok
20:26:48.0896 3308  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:26:48.0990 3308  BthEnum - ok
20:26:49.0036 3308  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:26:49.0099 3308  BTHMODEM - ok
20:26:49.0146 3308  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:26:49.0192 3308  BthPan - ok
20:26:49.0270 3308  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
20:26:49.0348 3308  BTHPORT - ok
20:26:49.0411 3308  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:26:49.0489 3308  bthserv - ok
20:26:49.0551 3308  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
20:26:49.0582 3308  BTHUSB - ok
20:26:49.0629 3308  [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
20:26:49.0645 3308  btusbflt - ok
20:26:49.0723 3308  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
20:26:49.0738 3308  btwaudio - ok
20:26:49.0785 3308  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
20:26:49.0816 3308  btwavdt - ok
20:26:49.0910 3308  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:26:49.0941 3308  btwdins - ok
20:26:50.0004 3308  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
20:26:50.0004 3308  btwl2cap - ok
20:26:50.0050 3308  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
20:26:50.0066 3308  btwrchid - ok
20:26:50.0082 3308  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:26:50.0160 3308  cdfs - ok
20:26:50.0222 3308  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:26:50.0269 3308  cdrom - ok
20:26:50.0331 3308  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:26:50.0409 3308  CertPropSvc - ok
20:26:50.0456 3308  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:26:50.0503 3308  circlass - ok
20:26:50.0550 3308  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:26:50.0565 3308  CLFS - ok
20:26:50.0643 3308  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:50.0674 3308  clr_optimization_v2.0.50727_32 - ok
20:26:50.0737 3308  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:50.0752 3308  clr_optimization_v2.0.50727_64 - ok
20:26:50.0893 3308  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:50.0924 3308  clr_optimization_v4.0.30319_32 - ok
20:26:50.0986 3308  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:51.0002 3308  clr_optimization_v4.0.30319_64 - ok
20:26:51.0064 3308  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:51.0111 3308  CmBatt - ok
20:26:51.0158 3308  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:26:51.0174 3308  cmdide - ok
20:26:51.0252 3308  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:26:51.0298 3308  CNG - ok
20:26:51.0314 3308  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:26:51.0330 3308  Compbatt - ok
20:26:51.0392 3308  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:26:51.0454 3308  CompositeBus - ok
20:26:51.0470 3308  COMSysApp - ok
20:26:51.0501 3308  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:26:51.0517 3308  crcdisk - ok
20:26:51.0579 3308  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:26:51.0657 3308  CryptSvc - ok
20:26:51.0720 3308  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:26:51.0813 3308  CSC - ok
20:26:51.0876 3308  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:26:51.0922 3308  CscService - ok
20:26:52.0000 3308  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:26:52.0063 3308  DcomLaunch - ok
20:26:52.0188 3308  [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
20:26:52.0234 3308  DCService.exe ( UnsignedFile.Multi.Generic ) - warning
20:26:52.0234 3308  DCService.exe - detected UnsignedFile.Multi.Generic (1)
20:26:52.0266 3308  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:26:52.0359 3308  defragsvc - ok
20:26:52.0422 3308  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:26:52.0500 3308  DfsC - ok
20:26:52.0562 3308  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:26:52.0624 3308  Dhcp - ok
20:26:52.0671 3308  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:26:52.0734 3308  discache - ok
20:26:52.0796 3308  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:26:52.0812 3308  Disk - ok
20:26:52.0858 3308  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:26:52.0936 3308  Dnscache - ok
20:26:52.0999 3308  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:26:53.0092 3308  dot3svc - ok
20:26:53.0124 3308  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:26:53.0217 3308  DPS - ok
20:26:53.0265 3308  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:26:53.0281 3308  drmkaud - ok
20:26:53.0343 3308  dtpd - ok
20:26:53.0421 3308  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:26:53.0468 3308  DXGKrnl - ok
20:26:53.0530 3308  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:26:53.0593 3308  EapHost - ok
20:26:53.0717 3308  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:26:53.0842 3308  ebdrv - ok
20:26:53.0889 3308  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:26:53.0967 3308  EFS - ok
20:26:54.0014 3308  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:26:54.0123 3308  ehRecvr - ok
20:26:54.0154 3308  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:26:54.0217 3308  ehSched - ok
20:26:54.0279 3308  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:26:54.0326 3308  elxstor - ok
20:26:54.0341 3308  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:26:54.0388 3308  ErrDev - ok
20:26:54.0451 3308  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:26:54.0560 3308  EventSystem - ok
20:26:54.0622 3308  [ 23B79B19F49A037EBA4A9A3BB03ED91D ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
20:26:54.0669 3308  ewusbnet - ok
20:26:54.0716 3308  [ E2CBB821C7CAE0EF8B56DE28ED85C740 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:26:54.0763 3308  ew_hwusbdev - ok
20:26:54.0825 3308  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:26:54.0903 3308  exfat - ok
20:26:55.0059 3308  Fabs - ok
20:26:55.0075 3308  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:26:55.0168 3308  fastfat - ok
20:26:55.0231 3308  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:26:55.0324 3308  Fax - ok
20:26:55.0355 3308  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:26:55.0371 3308  fdc - ok
20:26:55.0433 3308  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:26:55.0511 3308  fdPHost - ok
20:26:55.0543 3308  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:26:55.0605 3308  FDResPub - ok
20:26:55.0636 3308  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:26:55.0652 3308  FileInfo - ok
20:26:55.0652 3308  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:26:55.0730 3308  Filetrace - ok
20:26:55.0870 3308  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
20:26:55.0964 3308  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
20:26:55.0964 3308  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
20:26:55.0995 3308  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:56.0042 3308  flpydisk - ok
20:26:56.0104 3308  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:26:56.0135 3308  FltMgr - ok
20:26:56.0213 3308  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:26:56.0291 3308  FontCache - ok
20:26:56.0401 3308  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:26:56.0416 3308  FontCache3.0.0.0 - ok
20:26:56.0447 3308  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:26:56.0463 3308  FsDepends - ok
20:26:56.0510 3308  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:26:56.0525 3308  Fs_Rec - ok
20:26:56.0588 3308  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:26:56.0619 3308  fvevol - ok
20:26:56.0666 3308  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:26:56.0681 3308  gagp30kx - ok
20:26:56.0759 3308  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:56.0791 3308  GEARAspiWDM - ok
20:26:56.0869 3308  [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
20:26:56.0884 3308  ggflt - ok
20:26:56.0900 3308  [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
20:26:56.0915 3308  ggsemc - ok
20:26:56.0993 3308  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:26:57.0087 3308  gpsvc - ok
20:26:57.0243 3308  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:57.0274 3308  gupdate - ok
20:26:57.0305 3308  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:57.0337 3308  gupdatem - ok
20:26:57.0368 3308  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:26:57.0430 3308  hcw85cir - ok
20:26:57.0493 3308  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:26:57.0539 3308  HdAudAddService - ok
20:26:57.0571 3308  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:26:57.0633 3308  HDAudBus - ok
20:26:57.0664 3308  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:26:57.0695 3308  HidBatt - ok
20:26:57.0727 3308  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:26:57.0789 3308  HidBth - ok
20:26:57.0805 3308  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:26:57.0867 3308  HidIr - ok
20:26:57.0898 3308  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:26:57.0976 3308  hidserv - ok
20:26:58.0039 3308  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:26:58.0054 3308  HidUsb - ok
20:26:58.0132 3308  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:26:58.0226 3308  hkmsvc - ok
20:26:58.0273 3308  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:26:58.0335 3308  HomeGroupListener - ok
20:26:58.0397 3308  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:26:58.0460 3308  HomeGroupProvider - ok
20:26:58.0522 3308  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:26:58.0538 3308  HpSAMD - ok
20:26:58.0600 3308  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:26:58.0709 3308  HTTP - ok
20:26:58.0772 3308  [ 08B1A06A55F068A17A51BA26618CF50F ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:26:58.0803 3308  huawei_enumerator - ok
20:26:58.0834 3308  [ 6E5CD3984742A922D0C183C7E82C3C94 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:26:58.0928 3308  hwdatacard - ok
20:26:58.0990 3308  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:26:59.0021 3308  hwpolicy - ok
20:26:59.0084 3308  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:26:59.0115 3308  i8042prt - ok
20:26:59.0146 3308  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:26:59.0177 3308  IAANTMON - ok
20:26:59.0209 3308  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:26:59.0224 3308  iaStor - ok
20:26:59.0271 3308  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:26:59.0287 3308  iaStorV - ok
20:26:59.0380 3308  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:26:59.0411 3308  idsvc - ok
20:26:59.0458 3308  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:26:59.0474 3308  iirsp - ok
20:26:59.0474 3308  iked - ok
20:26:59.0521 3308  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:26:59.0630 3308  IKEEXT - ok
20:26:59.0739 3308  [ 59B0BBA422F04467E8C89B7CE6AE95E1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:26:59.0817 3308  IntcAzAudAddService - ok
20:26:59.0864 3308  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:26:59.0895 3308  intelide - ok
20:26:59.0942 3308  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:26:59.0989 3308  intelppm - ok
20:27:00.0035 3308  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:27:00.0113 3308  IPBusEnum - ok
20:27:00.0160 3308  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:00.0207 3308  IpFilterDriver - ok
20:27:00.0254 3308  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:27:00.0347 3308  iphlpsvc - ok
20:27:00.0394 3308  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:27:00.0457 3308  IPMIDRV - ok
20:27:00.0488 3308  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:27:00.0566 3308  IPNAT - ok
20:27:00.0675 3308  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:27:00.0706 3308  iPod Service - ok
20:27:00.0753 3308  ipsecd - ok
20:27:00.0784 3308  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:27:00.0893 3308  IRENUM - ok
20:27:00.0940 3308  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:27:00.0971 3308  isapnp - ok
20:27:01.0018 3308  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:27:01.0034 3308  iScsiPrt - ok
20:27:01.0065 3308  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:01.0081 3308  kbdclass - ok
20:27:01.0127 3308  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:01.0159 3308  kbdhid - ok
20:27:01.0205 3308  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:27:01.0221 3308  KeyIso - ok
20:27:01.0268 3308  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:27:01.0299 3308  KSecDD - ok
20:27:01.0315 3308  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:27:01.0330 3308  KSecPkg - ok
20:27:01.0377 3308  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:27:01.0471 3308  ksthunk - ok
20:27:01.0533 3308  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:27:01.0611 3308  KtmRm - ok
20:27:01.0689 3308  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:27:01.0783 3308  LanmanServer - ok
20:27:01.0829 3308  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:27:01.0892 3308  LanmanWorkstation - ok
20:27:01.0970 3308  [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:27:01.0985 3308  LBTServ - ok
20:27:02.0048 3308  [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:27:02.0079 3308  LHidFilt - ok
20:27:02.0141 3308  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:27:02.0219 3308  lltdio - ok
20:27:02.0266 3308  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:27:02.0329 3308  lltdsvc - ok
20:27:02.0344 3308  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:27:02.0438 3308  lmhosts - ok
20:27:02.0485 3308  [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:27:02.0485 3308  LMouFilt - ok
20:27:02.0531 3308  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:27:02.0563 3308  LSI_FC - ok
20:27:02.0594 3308  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:27:02.0609 3308  LSI_SAS - ok
20:27:02.0625 3308  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:27:02.0641 3308  LSI_SAS2 - ok
20:27:02.0672 3308  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:27:02.0687 3308  LSI_SCSI - ok
20:27:02.0734 3308  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:27:02.0828 3308  luafv - ok
20:27:02.0875 3308  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:27:02.0921 3308  Mcx2Svc - ok
20:27:02.0953 3308  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:27:02.0984 3308  megasas - ok
20:27:02.0999 3308  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:27:03.0031 3308  MegaSR - ok
20:27:03.0077 3308  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:27:03.0171 3308  MMCSS - ok
20:27:03.0187 3308  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:27:03.0280 3308  Modem - ok
20:27:03.0327 3308  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:27:03.0358 3308  monitor - ok
20:27:03.0436 3308  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:27:03.0452 3308  mouclass - ok
20:27:03.0545 3308  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:27:03.0561 3308  mouhid - ok
20:27:03.0623 3308  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:27:03.0639 3308  mountmgr - ok
20:27:03.0764 3308  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:27:03.0795 3308  MozillaMaintenance - ok
20:27:03.0842 3308  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:27:03.0873 3308  mpio - ok
20:27:03.0904 3308  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:27:03.0951 3308  mpsdrv - ok
20:27:04.0013 3308  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:27:04.0091 3308  MpsSvc - ok
20:27:04.0138 3308  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:27:04.0201 3308  MRxDAV - ok
20:27:04.0232 3308  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:04.0310 3308  mrxsmb - ok
20:27:04.0357 3308  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:04.0403 3308  mrxsmb10 - ok
20:27:04.0435 3308  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:04.0481 3308  mrxsmb20 - ok
20:27:04.0513 3308  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:27:04.0528 3308  msahci - ok
20:27:04.0559 3308  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:27:04.0575 3308  msdsm - ok
20:27:04.0591 3308  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:27:04.0606 3308  MSDTC - ok
20:27:04.0669 3308  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:27:04.0715 3308  Msfs - ok
20:27:04.0747 3308  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:27:04.0825 3308  mshidkmdf - ok
20:27:04.0871 3308  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:27:04.0903 3308  msisadrv - ok
20:27:04.0934 3308  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:27:04.0996 3308  MSiSCSI - ok
20:27:04.0996 3308  msiserver - ok
20:27:05.0043 3308  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:27:05.0121 3308  MSKSSRV - ok
20:27:05.0152 3308  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:05.0215 3308  MSPCLOCK - ok
20:27:05.0246 3308  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:27:05.0339 3308  MSPQM - ok
20:27:05.0386 3308  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:27:05.0417 3308  MsRPC - ok
20:27:05.0464 3308  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:27:05.0495 3308  mssmbios - ok
20:27:05.0542 3308  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:27:05.0620 3308  MSTEE - ok
20:27:05.0651 3308  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:27:05.0698 3308  MTConfig - ok
20:27:05.0823 3308  [ 62FEB5A75311DA565F4EB26881A4B520 ] Multi-user Cleanup Service C:\Program Files (x86)\lotus\notes\ntmulti.exe
20:27:05.0854 3308  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - warning
20:27:05.0854 3308  Multi-user Cleanup Service - detected UnsignedFile.Multi.Generic (1)
20:27:05.0885 3308  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:27:05.0901 3308  Mup - ok
20:27:05.0963 3308  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:27:06.0057 3308  napagent - ok
20:27:06.0119 3308  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:27:06.0197 3308  NativeWifiP - ok
20:27:06.0244 3308  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:27:06.0291 3308  NDIS - ok
20:27:06.0338 3308  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:27:06.0416 3308  NdisCap - ok
20:27:06.0463 3308  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:06.0525 3308  NdisTapi - ok
20:27:06.0572 3308  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:06.0665 3308  Ndisuio - ok
20:27:06.0697 3308  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:06.0759 3308  NdisWan - ok
20:27:06.0821 3308  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:27:06.0899 3308  NDProxy - ok
20:27:06.0993 3308  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
20:27:07.0040 3308  Netaapl - ok
20:27:07.0071 3308  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:27:07.0165 3308  NetBIOS - ok
20:27:07.0211 3308  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:27:07.0305 3308  NetBT - ok
20:27:07.0352 3308  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:27:07.0367 3308  Netlogon - ok
20:27:07.0430 3308  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:27:07.0523 3308  Netman - ok
20:27:07.0555 3308  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:27:07.0648 3308  netprofm - ok
20:27:07.0695 3308  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:27:07.0726 3308  NetTcpPortSharing - ok
20:27:07.0773 3308  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:27:07.0804 3308  nfrd960 - ok
20:27:07.0867 3308  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:27:07.0929 3308  NlaSvc - ok
20:27:07.0945 3308  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:27:08.0007 3308  Npfs - ok
20:27:08.0023 3308  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:27:08.0101 3308  nsi - ok
20:27:08.0132 3308  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:27:08.0225 3308  nsiproxy - ok
20:27:08.0288 3308  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:27:08.0350 3308  Ntfs - ok
20:27:08.0381 3308  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:27:08.0459 3308  Null - ok
20:27:08.0522 3308  [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:27:08.0537 3308  NVHDA - ok
20:27:08.0834 3308  [ 9D1B69708732B57D1DBC0F648692A04B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:09.0239 3308  nvlddmkm - ok
20:27:09.0333 3308  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:27:09.0364 3308  nvraid - ok
20:27:09.0380 3308  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:27:09.0395 3308  nvstor - ok
20:27:09.0458 3308  [ 95D57F391BF4E81A5A9348B57A509E31 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:27:09.0489 3308  nvsvc - ok
20:27:09.0567 3308  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:27:09.0598 3308  nv_agp - ok
20:27:09.0661 3308  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:27:09.0707 3308  ohci1394 - ok
20:27:09.0848 3308  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:27:09.0879 3308  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:27:09.0879 3308  OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:27:09.0957 3308  [ 2D88DB1B1B91711E3AE0368933CECD9C ] OpenVPNService  C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe
20:27:09.0988 3308  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
20:27:09.0988 3308  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
20:27:10.0113 3308  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:10.0129 3308  ose64 - ok
20:27:10.0363 3308  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:27:10.0565 3308  osppsvc - ok
20:27:10.0612 3308  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:27:10.0690 3308  p2pimsvc - ok
20:27:10.0721 3308  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:27:10.0753 3308  p2psvc - ok
20:27:10.0784 3308  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:27:10.0799 3308  Parport - ok
20:27:10.0846 3308  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:27:10.0877 3308  partmgr - ok
20:27:10.0909 3308  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:27:10.0955 3308  PcaSvc - ok
20:27:11.0033 3308  [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:27:11.0096 3308  pccsmcfd - ok
20:27:11.0143 3308  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:27:11.0174 3308  pci - ok
20:27:11.0189 3308  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:27:11.0205 3308  pciide - ok
20:27:11.0236 3308  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:27:11.0252 3308  pcmcia - ok
20:27:11.0283 3308  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:27:11.0283 3308  pcw - ok
20:27:11.0314 3308  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:27:11.0392 3308  PEAUTH - ok
20:27:11.0455 3308  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:27:11.0564 3308  PeerDistSvc - ok
20:27:11.0673 3308  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:27:11.0735 3308  PerfHost - ok
20:27:11.0813 3308  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:27:11.0938 3308  pla - ok
20:27:11.0985 3308  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:27:12.0016 3308  PlugPlay - ok
20:27:12.0047 3308  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:27:12.0094 3308  PNRPAutoReg - ok
20:27:12.0141 3308  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:27:12.0172 3308  PNRPsvc - ok
20:27:12.0235 3308  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:27:12.0328 3308  PolicyAgent - ok
20:27:12.0375 3308  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:27:12.0484 3308  Power - ok
20:27:12.0515 3308  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:27:12.0593 3308  PptpMiniport - ok
20:27:12.0609 3308  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:27:12.0656 3308  Processor - ok
20:27:12.0703 3308  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:27:12.0749 3308  ProfSvc - ok
20:27:12.0765 3308  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:27:12.0796 3308  ProtectedStorage - ok
20:27:12.0859 3308  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:27:12.0952 3308  Psched - ok
20:27:13.0015 3308  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:27:13.0077 3308  ql2300 - ok
20:27:13.0124 3308  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:27:13.0139 3308  ql40xx - ok
20:27:13.0186 3308  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:27:13.0249 3308  QWAVE - ok
20:27:13.0280 3308  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:27:13.0311 3308  QWAVEdrv - ok
20:27:13.0436 3308  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:27:13.0483 3308  RapiMgr - ok
20:27:13.0499 3308  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:27:13.0562 3308  RasAcd - ok
20:27:13.0608 3308  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:27:13.0655 3308  RasAgileVpn - ok
20:27:13.0718 3308  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:27:13.0780 3308  RasAuto - ok
20:27:13.0827 3308  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:13.0920 3308  Rasl2tp - ok
20:27:13.0998 3308  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:27:14.0092 3308  RasMan - ok
20:27:14.0123 3308  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:14.0170 3308  RasPppoe - ok
20:27:14.0186 3308  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:27:14.0248 3308  RasSstp - ok
20:27:14.0310 3308  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:27:14.0388 3308  rdbss - ok
20:27:14.0420 3308  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:27:14.0466 3308  rdpbus - ok
20:27:14.0498 3308  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:14.0561 3308  RDPCDD - ok
20:27:14.0608 3308  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:27:14.0639 3308  RDPDR - ok
20:27:14.0686 3308  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:27:14.0748 3308  RDPENCDD - ok
20:27:14.0779 3308  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:27:14.0811 3308  RDPREFMP - ok
20:27:14.0857 3308  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:27:14.0935 3308  RDPWD - ok
20:27:14.0998 3308  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:27:15.0013 3308  rdyboost - ok
20:27:15.0045 3308  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:27:15.0123 3308  RemoteAccess - ok
20:27:15.0169 3308  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:27:15.0247 3308  RemoteRegistry - ok
20:27:15.0294 3308  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:27:15.0357 3308  RFCOMM - ok
20:27:15.0388 3308  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:27:15.0466 3308  RpcEptMapper - ok
20:27:15.0497 3308  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:27:15.0528 3308  RpcLocator - ok
20:27:15.0575 3308  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:27:15.0637 3308  RpcSs - ok
20:27:15.0684 3308  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:27:15.0762 3308  rspndr - ok
20:27:15.0825 3308  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
20:27:15.0856 3308  s0016bus - ok
20:27:15.0887 3308  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
20:27:15.0918 3308  s0016mdfl - ok
20:27:15.0934 3308  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
20:27:15.0965 3308  s0016mdm - ok
20:27:16.0012 3308  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
20:27:16.0027 3308  s0016mgmt - ok
20:27:16.0043 3308  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
20:27:16.0059 3308  s0016nd5 - ok
20:27:16.0074 3308  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
20:27:16.0090 3308  s0016obex - ok
20:27:16.0105 3308  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
20:27:16.0121 3308  s0016unic - ok
20:27:16.0168 3308  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:27:16.0230 3308  s3cap - ok
20:27:16.0246 3308  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:27:16.0261 3308  SamSs - ok
20:27:16.0386 3308  [ 687CDADD7B13529E6D6EDA30B3F67051 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
20:27:16.0417 3308  SbieDrv - ok
20:27:16.0480 3308  [ 4CDB30762D89264FF570D2C64BA9B8A6 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
20:27:16.0511 3308  SbieSvc - ok
20:27:16.0542 3308  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:27:16.0573 3308  sbp2port - ok
20:27:16.0589 3308  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:27:16.0651 3308  SCardSvr - ok
20:27:16.0667 3308  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:27:16.0729 3308  scfilter - ok
20:27:16.0807 3308  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:27:16.0901 3308  Schedule - ok
20:27:16.0932 3308  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:27:16.0979 3308  SCPolicySvc - ok
20:27:17.0026 3308  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:27:17.0088 3308  sdbus - ok
20:27:17.0119 3308  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:27:17.0197 3308  SDRSVC - ok
20:27:17.0244 3308  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:27:17.0307 3308  secdrv - ok
20:27:17.0353 3308  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:27:17.0431 3308  seclogon - ok
20:27:17.0494 3308  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
20:27:17.0572 3308  seehcri - ok
20:27:17.0619 3308  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:27:17.0665 3308  SENS - ok
20:27:17.0681 3308  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:27:17.0712 3308  SensrSvc - ok
20:27:17.0712 3308  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:27:17.0728 3308  Serenum - ok
20:27:17.0790 3308  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:27:17.0821 3308  Serial - ok
20:27:17.0868 3308  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:27:17.0884 3308  sermouse - ok
20:27:18.0024 3308  [ 6AD303A3529B7AEF99391DE19F5B400B ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:27:18.0055 3308  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:27:18.0055 3308  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:27:18.0118 3308  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:27:18.0196 3308  SessionEnv - ok
20:27:18.0243 3308  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
20:27:18.0305 3308  SFEP - ok
20:27:18.0367 3308  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
20:27:18.0430 3308  sffdisk - ok
20:27:18.0461 3308  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:27:18.0508 3308  sffp_mmc - ok
20:27:18.0523 3308  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
20:27:18.0570 3308  sffp_sd - ok
20:27:18.0617 3308  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:27:18.0648 3308  sfloppy - ok
20:27:18.0711 3308  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:27:18.0820 3308  SharedAccess - ok
20:27:18.0867 3308  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:27:18.0960 3308  ShellHWDetection - ok
20:27:19.0007 3308  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:27:19.0038 3308  SiSRaid2 - ok
20:27:19.0054 3308  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:27:19.0069 3308  SiSRaid4 - ok
20:27:19.0179 3308  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:27:19.0210 3308  SkypeUpdate - ok
20:27:19.0257 3308  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:27:19.0350 3308  Smb - ok
20:27:19.0397 3308  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:27:19.0413 3308  SNMPTRAP - ok
20:27:19.0537 3308  [ E603BEE916153164B990A9DE49C04B9B ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
20:27:19.0569 3308  Sony Ericsson PCCompanion - ok
20:27:19.0584 3308  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:27:19.0615 3308  spldr - ok
20:27:19.0662 3308  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:27:19.0756 3308  Spooler - ok
20:27:19.0881 3308  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:27:20.0052 3308  sppsvc - ok
20:27:20.0083 3308  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:27:20.0161 3308  sppuinotify - ok
20:27:20.0208 3308  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:27:20.0302 3308  srv - ok
20:27:20.0333 3308  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:27:20.0364 3308  srv2 - ok
20:27:20.0411 3308  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:27:20.0442 3308  srvnet - ok
20:27:20.0505 3308  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:27:20.0598 3308  SSDPSRV - ok
20:27:20.0629 3308  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:27:20.0676 3308  SstpSvc - ok
20:27:20.0707 3308  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:27:20.0707 3308  stexstor - ok
20:27:20.0785 3308  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:27:20.0863 3308  stisvc - ok
20:27:20.0895 3308  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:27:20.0910 3308  storflt - ok
20:27:20.0926 3308  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
20:27:20.0988 3308  StorSvc - ok
20:27:21.0035 3308  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:27:21.0066 3308  storvsc - ok
20:27:21.0113 3308  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:27:21.0144 3308  swenum - ok
20:27:21.0175 3308  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:27:21.0269 3308  swprv - ok
20:27:21.0331 3308  [ 512231BA47975F3F1A67B11F271BB49D ] SynasUSB        C:\Windows\system32\drivers\SynUSB64.sys
20:27:21.0347 3308  SynasUSB - ok
20:27:21.0409 3308  [ 8F63178D1DB81BB79270AE55ECDD8321 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:27:21.0425 3308  SynTP - ok
20:27:21.0519 3308  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:27:21.0597 3308  SysMain - ok
20:27:21.0643 3308  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:27:21.0706 3308  TabletInputService - ok
20:27:21.0753 3308  [ 024ADC7F69D1776D72CC5D031B41CE4F ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
20:27:21.0815 3308  tap0901 - ok
20:27:21.0846 3308  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:27:21.0924 3308  TapiSrv - ok
20:27:21.0955 3308  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:27:22.0002 3308  TBS - ok
20:27:22.0096 3308  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:27:22.0158 3308  Tcpip - ok
20:27:22.0205 3308  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:27:22.0252 3308  TCPIP6 - ok
20:27:22.0283 3308  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:27:22.0330 3308  tcpipreg - ok
20:27:22.0361 3308  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:27:22.0439 3308  TDPIPE - ok
20:27:22.0455 3308  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:27:22.0501 3308  TDTCP - ok
20:27:22.0564 3308  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:27:22.0642 3308  tdx - ok
20:27:22.0689 3308  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:27:22.0704 3308  TermDD - ok
20:27:22.0767 3308  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:27:22.0860 3308  TermService - ok
20:27:22.0891 3308  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:27:22.0954 3308  Themes - ok
20:27:22.0985 3308  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:27:23.0047 3308  THREADORDER - ok
20:27:23.0141 3308  [ C676B0F52F2B6483AFB88F79CABB011E ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
20:27:23.0157 3308  Tpkd - ok
20:27:23.0203 3308  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:27:23.0297 3308  TrkWks - ok
20:27:23.0406 3308  [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
20:27:23.0437 3308  truecrypt - ok
20:27:23.0500 3308  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:27:23.0593 3308  TrustedInstaller - ok
20:27:23.0656 3308  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:23.0703 3308  tssecsrv - ok
20:27:23.0765 3308  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:27:23.0843 3308  TsUsbFlt - ok
20:27:23.0921 3308  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:27:23.0999 3308  tunnel - ok
20:27:24.0061 3308  [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64        C:\Windows\system32\DRIVERS\TVICHW64.SYS
20:27:24.0077 3308  TVICHW64 - ok
20:27:24.0108 3308  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:27:24.0139 3308  uagp35 - ok
20:27:24.0186 3308  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:27:24.0280 3308  udfs - ok
20:27:24.0311 3308  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:27:24.0358 3308  UI0Detect - ok
20:27:24.0420 3308  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:27:24.0436 3308  uliagpkx - ok
20:27:24.0514 3308  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:27:24.0576 3308  umbus - ok
20:27:24.0639 3308  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:27:24.0654 3308  UmPass - ok
20:27:24.0717 3308  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:27:24.0748 3308  UmRdpService - ok
20:27:24.0795 3308  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:27:24.0888 3308  upnphost - ok
20:27:25.0013 3308  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService     C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:25.0060 3308  UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:25.0060 3308  UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:25.0122 3308  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:27:25.0185 3308  USBAAPL64 - ok
20:27:25.0263 3308  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:27:25.0309 3308  usbaudio - ok
20:27:25.0341 3308  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:25.0419 3308  usbccgp - ok
20:27:25.0450 3308  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:27:25.0481 3308  usbcir - ok
20:27:25.0543 3308  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:27:25.0559 3308  usbehci - ok
20:27:25.0606 3308  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:27:25.0653 3308  usbhub - ok
20:27:25.0684 3308  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:27:25.0731 3308  usbohci - ok
20:27:25.0793 3308  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:27:25.0840 3308  usbprint - ok
20:27:25.0887 3308  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:27:25.0902 3308  usbscan - ok
20:27:25.0980 3308  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
20:27:26.0043 3308  usbser - ok
20:27:26.0058 3308  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:26.0121 3308  USBSTOR - ok
20:27:26.0152 3308  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:27:26.0199 3308  usbuhci - ok
20:27:26.0277 3308  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:27:26.0323 3308  usbvideo - ok
20:27:26.0339 3308  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:27:26.0417 3308  UxSms - ok
20:27:26.0495 3308  [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
20:27:26.0526 3308  VAIO Event Service - ok
20:27:26.0542 3308  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:27:26.0557 3308  VaultSvc - ok
20:27:26.0604 3308  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:27:26.0635 3308  vdrvroot - ok
20:27:26.0698 3308  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:27:26.0791 3308  vds - ok
20:27:26.0885 3308  [ 00C7DF4F50962BA218AB60D32869100B ] vflt            C:\Windows\system32\DRIVERS\vfilter.sys
20:27:26.0932 3308  vflt - ok
20:27:26.0979 3308  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:27.0010 3308  vga - ok
20:27:27.0025 3308  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:27:27.0103 3308  VgaSave - ok
20:27:27.0150 3308  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:27:27.0166 3308  vhdmp - ok
20:27:27.0213 3308  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:27:27.0228 3308  viaide - ok
20:27:27.0275 3308  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:27:27.0306 3308  vmbus - ok
20:27:27.0322 3308  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:27:27.0369 3308  VMBusHID - ok
20:27:27.0431 3308  [ A99CA064AD11266FE7067A79BF78BBB5 ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
20:27:27.0493 3308  vnet - ok
20:27:27.0556 3308  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:27:27.0571 3308  volmgr - ok
20:27:27.0634 3308  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:27:27.0649 3308  volmgrx - ok
20:27:27.0696 3308  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:27:27.0727 3308  volsnap - ok
20:27:27.0821 3308  [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:27:27.0852 3308  vpnagent - ok
20:27:27.0899 3308  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
20:27:27.0915 3308  vpnva - ok
20:27:27.0977 3308  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:27:27.0993 3308  vsmraid - ok
20:27:28.0071 3308  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:27:28.0180 3308  VSS - ok
20:27:28.0195 3308  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:27:28.0242 3308  vwifibus - ok
20:27:28.0289 3308  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:27:28.0305 3308  vwififlt - ok
20:27:28.0351 3308  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:27:28.0414 3308  vwifimp - ok
20:27:28.0461 3308  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:27:28.0554 3308  W32Time - ok
20:27:28.0601 3308  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:27:28.0632 3308  WacomPen - ok
20:27:28.0695 3308  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:27:28.0788 3308  WANARP - ok
20:27:28.0788 3308  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:27:28.0835 3308  Wanarpv6 - ok
20:27:28.0960 3308  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:27:29.0007 3308  WatAdminSvc - ok
20:27:29.0085 3308  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:27:29.0147 3308  wbengine - ok
20:27:29.0178 3308  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:27:29.0194 3308  WbioSrvc - ok
20:27:29.0272 3308  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:27:29.0303 3308  WcesComm - ok
20:27:29.0365 3308  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:27:29.0428 3308  wcncsvc - ok
20:27:29.0459 3308  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:27:29.0490 3308  WcsPlugInService - ok
20:27:29.0506 3308  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:27:29.0537 3308  Wd - ok
20:27:29.0584 3308  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:27:29.0631 3308  Wdf01000 - ok
20:27:29.0631 3308  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:27:29.0771 3308  WdiServiceHost - ok
20:27:29.0771 3308  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:27:29.0787 3308  WdiSystemHost - ok
20:27:29.0849 3308  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:27:29.0911 3308  WebClient - ok
20:27:29.0958 3308  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:27:30.0052 3308  Wecsvc - ok
20:27:30.0067 3308  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:27:30.0114 3308  wercplsupport - ok
20:27:30.0161 3308  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:27:30.0223 3308  WerSvc - ok
20:27:30.0270 3308  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:27:30.0333 3308  WfpLwf - ok
20:27:30.0348 3308  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:27:30.0364 3308  WIMMount - ok
20:27:30.0364 3308  WinDefend - ok
20:27:30.0379 3308  WinHttpAutoProxySvc - ok
20:27:30.0411 3308  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:27:30.0473 3308  Winmgmt - ok
20:27:30.0582 3308  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:27:30.0691 3308  WinRM - ok
20:27:30.0769 3308  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:27:30.0816 3308  WinUsb - ok
20:27:30.0879 3308  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:27:30.0957 3308  Wlansvc - ok
20:27:31.0175 3308  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:31.0253 3308  wlidsvc - ok
20:27:31.0300 3308  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:27:31.0347 3308  WmiAcpi - ok
20:27:31.0409 3308  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:27:31.0440 3308  wmiApSrv - ok
20:27:31.0503 3308  WMPNetworkSvc - ok
20:27:31.0518 3308  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:27:31.0549 3308  WPCSvc - ok
20:27:31.0596 3308  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:27:31.0643 3308  WPDBusEnum - ok
20:27:31.0674 3308  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:27:31.0768 3308  ws2ifsl - ok
20:27:31.0799 3308  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:27:31.0861 3308  wscsvc - ok
20:27:31.0861 3308  WSearch - ok
20:27:31.0971 3308  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:27:32.0049 3308  wuauserv - ok
20:27:32.0080 3308  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:27:32.0142 3308  WudfPf - ok
20:27:32.0205 3308  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:32.0267 3308  WUDFRd - ok
20:27:32.0298 3308  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:27:32.0345 3308  wudfsvc - ok
20:27:32.0376 3308  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:27:32.0439 3308  WwanSvc - ok
20:27:32.0485 3308  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
20:27:32.0548 3308  yukonw7 - ok
20:27:32.0626 3308  [ 928E13688D3A229343FC176601B7237F ] ZMGHPAudioSrv   C:\Windows\system32\drivers\zmghpau.sys
20:27:32.0657 3308  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - warning
20:27:32.0657 3308  ZMGHPAudioSrv - detected UnsignedFile.Multi.Generic (1)
20:27:32.0719 3308  ================ Scan global ===============================
20:27:32.0766 3308  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:27:32.0813 3308  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:27:32.0829 3308  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:27:32.0860 3308  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:27:32.0891 3308  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:27:32.0891 3308  [Global] - ok
20:27:32.0891 3308  ================ Scan MBR ==================================
20:27:32.0907 3308  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:27:33.0250 3308  \Device\Harddisk0\DR0 - ok
20:27:33.0250 3308  ================ Scan VBR ==================================
20:27:33.0265 3308  [ 0BC0CE3995075CAA0A20712CD00CC205 ] \Device\Harddisk0\DR0\Partition1
20:27:33.0265 3308  \Device\Harddisk0\DR0\Partition1 - ok
20:27:33.0297 3308  [ 19100200355CB1BBE078A153A24EE461 ] \Device\Harddisk0\DR0\Partition2
20:27:33.0297 3308  \Device\Harddisk0\DR0\Partition2 - ok
20:27:33.0297 3308  ============================================================
20:27:33.0297 3308  Scan finished
20:27:33.0297 3308  ============================================================
20:27:33.0343 1188  Detected object count: 9
20:27:33.0343 1188  Actual detected object count: 9
20:27:54.0185 1188  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0201 1188  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0201 1188  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 13.01.2013, 21:04   #6
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> GVU Trojaner entfernen

Alt 13.01.2013, 21:41   #7
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hier der Log von Combofix:

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-13.01 - Martin 13.01.2013  21:11:41.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4014.2473 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\hpeC9C4.dll
c:\users\Martin\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 20:22 . 2013-01-13 20:22	--------	d-----w-	c:\users\OC\AppData\Local\temp
2013-01-13 20:22 . 2013-01-13 20:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-13 17:36 . 2013-01-13 17:36	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4B4D787-DF29-4DDF-9484-7F32FD5A149A}\offreg.dll
2013-01-13 13:32 . 2013-01-13 13:32	--------	d-----w-	c:\users\Martin\AppData\Roaming\Malwarebytes
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-13 13:31 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\users\Martin\AppData\Local\Programs
2013-01-13 09:27 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4B4D787-DF29-4DDF-9484-7F32FD5A149A}\mpengine.dll
2013-01-09 13:31 . 2013-01-09 13:31	--------	d-----w-	c:\program files\CCleaner
2013-01-07 16:19 . 2013-01-07 16:19	--------	d-----w-	c:\program files (x86)\Common Files\Adobe Systems Shared
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Zugaben
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Technische Informationen
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Kundendienst
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Hilfe
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe(R) Photoshop(R) CS2
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe Solutions Network
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe DNG Converter
2013-01-06 10:19 . 2013-01-06 10:21	--------	d-----w-	C:\Sonstiges (Ordner vom Desktop)
2013-01-05 11:09 . 2013-01-05 11:09	--------	d-----w-	c:\users\Martin\AppData\Local\Steganos
2013-01-05 11:09 . 2013-01-05 11:09	--------	d-----w-	c:\programdata\Steganos
2013-01-05 11:05 . 2013-01-06 11:05	--------	d-----w-	c:\users\Martin\AppData\Roaming\Steganos
2012-12-22 12:13 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 12:13 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 12:12 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 12:12 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-18 20:07 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 20:07 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:42 . 2012-04-02 06:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 18:42 . 2011-05-16 06:12	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 21:49 . 2010-08-16 08:02	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-22 03:26 . 2012-12-13 07:00	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 07:06 . 2012-12-13 21:46	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 21:46	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 21:46	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 21:46	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 21:46	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 21:46	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 21:46	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 21:46	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 21:46	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 21:46	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 21:46	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 21:46	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 21:46	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 21:46	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 21:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 21:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 21:46	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 21:46	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 21:46	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 21:46	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 21:46	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 21:46	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 07:00	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 07:00	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 06:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 06:59	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-17 17:30 . 2012-10-17 17:30	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:13 . 2011-03-23 22:25	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2012-10-17 17:11 . 2011-03-23 22:25	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-10-16 08:38 . 2012-11-28 10:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:42	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-03-24 08:02 . 2012-03-24 08:02	3993600	----a-w-	c:\program files (x86)\GUT96AF.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Martin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\OC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-15 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 17:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 250368]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-23 13352]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2012-04-06 21200]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 47616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AirPrint;AirPrint;c:\airprint\airprint.exe [2012-05-13 234784]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-12-24 116096]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 76288]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-23 34032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-12-22 11392]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 78097463
*Deregistered* - 78097463
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:42]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 18:38]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 18:38]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 18:48]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4DCD71DF-0535-4651-8A97-1937535B4ED0}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{51099237-9ACA-46C6-B201-A017EA5F074C}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{F384CFFF-602A-4CF4-819F-FF28E3768200}: NameServer = 193.189.244.225 193.189.244.206
DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/#inbox
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - prefs.js: network.proxy.ssl - 70.38.90.211
FF - prefs.js: network.proxy.ssl_port - 1080
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Need for Speed High Stakes - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  21:35:47
ComboFix-quarantined-files.txt  2013-01-13 20:35
.
Vor Suchlauf: 25 Verzeichnis(se), 81.295.560.704 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 80.748.138.496 Bytes frei
.
- - End Of File - - 4FE575BC14502FB7BA0661FA7D08234E
         
--- --- ---

Alt 14.01.2013, 20:40   #8
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 21:02   #9
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hey, danke schon mal soweit

Hier die Liste mit den Programmen:
Code:
ATTFilter
notwendig: ABBYY FineReader 11	ABBYY	15.06.2012	715MB	11.0.289
(glaube ich) notwendig: Adobe AIR	Adobe Systems Incorporated	08.04.2012		3.2.0.2070
(glaube ich) notwendig: Adobe Digital Editions		28.04.2012		
notwendig: Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
notwendig: Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
notwendig: Adobe Photoshop CS2	Adobe Systems, Inc.	07.01.2013		9.0
notwendig: Adobe Reader 9.5.2 - Deutsch	Adobe Systems Incorporated	18.08.2012	118MB	9.5.2
notwendig: Adobe Shockwave Player 11.5	Adobe Systems, Inc.	15.01.2011		11.5.9.615
unbekannt: Akamai NetSession Interface	Akamai Technologies, Inc	13.11.2012		
unbekannt: Akamai NetSession Interface Service	Akamai Technologies, Inc	13.11.2012		
notwendig: Allway Sync version 10.5.8	Botkind Inc	15.10.2010	21,4MB	
unbekannt: Anki		05.09.2011		
notwendig: Apple Application Support	Apple Inc.	15.09.2012	64,5MB	2.2.2
notwendig: Apple Mobile Device Support	Apple Inc.	15.09.2012	23,7MB	6.0.0.59
notwendig: Apple Software Update	Apple Inc.	12.01.2012	2,38MB	2.1.3.127
notwendig: ASIO4ALL	Michael Tippach	07.11.2010		2.10
notwendig: Avira Free Antivirus	Avira	15.11.2012	108MB	12.1.9.1236
unnötig: AVM FRITZ!Box USB-Fernanschluss	AVM Berlin	24.12.2010		2.2.1.0
notwendig: Bonjour	Apple Inc.	12.01.2012	2,00MB	3.0.0.10
notwendig: BPM-Studio 4 Demo	AlcaTech	30.12.2010	18,4MB	4.9.93
notwendig: Bullzip PDF Printer 7.2.0.1304	Bullzip	11.04.2011	8,89MB	7.2.0.1304
notwendig: Canon MF Toolbox 4.9.1.1.mf09	Canon	16.06.2011		3.2.0
notwendig: Canon MF4360-4390		16.06.2011		
notwendig: Canon MG3100 series MP Drivers		01.09.2012		
notwendig: CCleaner	Piriform	19.12.2012		3.26
notwendig: Cisco AnyConnect Secure Mobility Client	Cisco Systems, Inc.	29.10.2012		3.1.01065
notwendig: Citavi	Swiss Academic Software	09.05.2012	69,2MB	3.2.0.0
notwendig: DarkWave Studio 3.0.7	ExperimentalScene	16.09.2010		3.0.7
notwendig: DivX-Setup	DivX, LLC	23.03.2012		2.6.1.8
notwendig: Dropbox	Dropbox, Inc.	22.12.2012		1.6.10
notwendig: EES - Engineering Equation Solver	F-Chart Software	01.11.2012		9
notwendig: eLicenser Control	Steinberg Media Technologies GmbH	06.04.2012		
notwendig: ffdshow [rev 2946] [2009-05-15]		09.12.2010		1.0
unnötig: Firebird SQL Server - MAGIX Edition	MAGIX AG	12.10.2012	11,5MB	2.1.31.0
notwendig: GIMP 2.6.8		18.05.2011		
notwendig: Google Chrome	Google Inc.	12.09.2011		23.0.1271.97
notwendig: Google Drive	Google, Inc.	30.11.2012	16,0MB	1.6.3837.2778
notwendig:Google Gears	Google	29.06.2011	9,05MB	0.5.3600
notwendig: GPL Ghostscript	Artifex Software Inc.	30.07.2012		9.05
notwendig: GPL Ghostscript Lite 8.70		11.04.2011	12,8MB	
notwendig: ICQ7.2	ICQ	20.01.2011		7.2
unbekannt: Intel® Matrix Storage Manager	Intel Corporation	15.07.2010		
unbekannt: Interlok driver setup x64	PACE Anti-Piracy	08.09.2010	161KB	5.8.13
notwendig: IrfanView (remove only)	Irfan Skiljan	15.07.2010	1,50MB	4.27
notwendig: iTunes	Apple Inc.	15.09.2012	180MB	10.7.0.21
notwendig: Java(TM) 6 Update 22	Sun Microsystems, Inc.	15.07.2010	97,2MB	6.0.220
unnötig: Kaminfeuer Comprehensive Edition Free		03.12.2012		
notwendig: Logitech SetPoint	Logitech	15.07.2010	17,0KB	4.80
notwendig: Logitech Touch Mouse Server 1.0	Logitech Inc.	06.03.2012		1.0
notwendig: Lotus Notes 7.0	IBM	04.06.2011	314MB	7.00.5244
unnötig: MAGIX Goya burnR 2.3.1.3 (D)	MAGIX AG	23.08.2010		2.3.1.3
unnötig: MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)	MAGIX AG	23.08.2010		4.0.0.10
unnötig: MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	23.08.2010		2.3.2.0
unnötig: MAGIX Screenshare	MAGIX AG	16.09.2010	1,43MB	4.3.6.1987
unnötig: MAGIX Speed burnR (MSI)	MAGIX AG	12.10.2012		7.0.2.6
notwendig: Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	13.01.2013	18,4MB	1.70.0.1100
notwendig: Media Go	Sony	27.10.2010	107MB	1.5.312
(glaube ich) notwendig: Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.08.2010	38,8MB	4.0.30319
(glaube ich) notwendig: Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.08.2010	2,93MB	4.0.30319
notwendig: Microsoft Office Home and Student 2010	Microsoft Corporation	29.09.2011		14.0.6029.1000
(glaube ich) notwendig: Microsoft Silverlight	Microsoft Corporation	11.05.2012	199MB	4.1.10329.0
(glaube ich) notwendig: Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	30.08.2010	1,72MB	3.1.0000
(glaube ich) notwendig: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	16.07.2010	260KB	8.0.50727.4053
(glaube ich) notwendig: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	16.07.2010	252KB	8.0.50727.4053
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.06.2011	300KB	8.0.56336
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.07.2010	708KB	8.0.61000
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	24.04.2011	580KB	8.0.51011
(glaube ich) notwendig: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	16.07.2010	212KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	17.09.2010	200KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	24.04.2011	790KB	9.0.30729.5570
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	24.04.2011	598KB	9.0.30729.5570
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	15.07.2010	2,52MB	9.0.21022
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	19.06.2011	788KB	9.0.30729.6161
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.09.2010	596KB	9.0.30729
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	27.10.2010	594KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	19.06.2011	600KB	9.0.30729.6161
(glaube ich) notwendig: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.02.2012	16,5MB	10.0.40219
notwendig: Mobile Partner	Huawei Technologies Co.,Ltd	11.10.2010		11.302.09.04.382
notwendig: Mozilla Firefox 16.0.2 (x86 de)	Mozilla	31.10.2012	44,4MB	16.0.2
(glaube ich) notwendig: Mozilla Maintenance Service	Mozilla	05.12.2012	329KB	17.0
notwendig: Mozilla Thunderbird 17.0 (x86 de)	Mozilla	05.12.2012	41,9MB	17.0
unbekannt: MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	25.08.2010	1,27MB	4.20.9870.0
unbekannt: MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.08.2010	1,33MB	4.20.9876.0
unbekannt: MSXML 4.0 SP3 Parser	Microsoft Corporation	12.10.2012	1,47MB	4.30.2100.0
unbekannt: MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	13.10.2012	1,53MB	4.30.2114.0
unbekannt: MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	13.01.2013	1,54MB	4.30.2117.0
unnötig: Need for Speed		01.03.2011		
unnötig: Need For Speed™ World	Electronic Arts	13.11.2012	12,5MB	1.0.0.659
notwendig: NVIDIA Drivers	NVIDIA Corporation	15.07.2010		1.9
notwendig: OpenOffice.org 3.2	OpenOffice.org	15.07.2010	380MB	3.2.9502
notwendig: Opera 12.12	Opera Software ASA	20.12.2012		12.12.1707
notwendig: PC Connectivity Solution	Nokia	17.11.2010	15,0MB	8.15.1.0
unnötig: PCSX2 - Playstation 2 Emulator		10.11.2012		
notwendig: PDF Blender		11.04.2011		
unnötig: PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	27.10.2010	682KB	2.03.00126
unnötig: PlayStation(R)Store	Sony Computer Entertainment Inc.	27.10.2010	3,64MB	3.2.11.09227
notwendig: QuickTime	Apple Inc.	15.09.2012	73,2MB	7.72.80.56
notwendig: Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.07.2010		6.0.1.5964
notwendig: RWTH OpenVPN Client 2.1_rc19c		31.12.2011		2.1_rc19c
notwendig: Samplitude Music Studio 15 15.0.1.0 (D)	MAGIX AG	30.10.2010		15.0.1.0
notwendig: Samplitude Music Studio 17 Download-Version	MAGIX AG	16.09.2010		17.0.0.0
notwendig: Sandboxie 3.66 (64-bit)	SANDBOXIE L.T.D	25.03.2012		3.66
notwendig: Secure Download Manager	e-academy Inc.	27.08.2012	935KB	3.0.5
notwendig: Setting Utility Series	Sony Corporation	15.07.2010		5.1.0.11200
notwendig: Shrew Soft VPN Client		11.09.2012		
unnötig: Skype Click to Call	Skype Technologies S.A.	16.05.2012	14,3MB	5.9.9216
notwendig: Skype™ 6.0	Skype Technologies S.A.	09.12.2012	20,3MB	6.0.126
notwendig: Sony Ericsson PC Companion 2.01.078	Sony Ericsson	23.01.2011	16,4MB	2.01.078
notwendig: Sony Ericsson PC Suite 6.011.00	Sony Ericsson	06.08.2010		6.011.00
notwendig: Sony Ericsson Update Service	Sony Ericsson Mobile Communications AB	23.01.2011		2.11.1.9
notwendig: Spotify	Spotify AB	04.11.2012		0.8.5.1333.g822e0de8
notwendig: Steinberg Cubase LE 4	Steinberg Media Technologies GmbH	21.10.2010	199MB	4.0.3.2233
notwendig: Synaptics Pointing Device Driver	Synaptics Incorporated	27.07.2010		14.0.3.0
notwendig: t@x 2009 Standard	Buhl Data Service GmbH	26.12.2010		16.00.6228
notwendig: t@x 2010 Standard	Buhl Data Service GmbH	31.12.2010		17.00.6531
notwendig: t@x 2011	Buhl Data Service GmbH	31.12.2010		18.00.6928
notwendig: t@x 2012	Buhl Data Service GmbH	29.04.2012		19.00.7303
notwendig: TELL ME MORE	Auralog	02.01.2012		
unbekannt: Text-To-Speech-Runtime	Magix Development GmbH	23.08.2010	260KB	1.0.0.0
notwendig: TmNationsForever	Nadeo	04.10.2010		
notwendig: TrueCrypt	TrueCrypt Foundation	05.06.2011		7.0a
notwendig: TuxGuitar	Herac	16.05.2012	10,6MB	1.2
notwendig: VAIO Control Center	Sony Corporation	16.07.2010		4.1.0.10160
notwendig: VAIO Event Service	Sony Corporation	15.07.2010		5.1.0.11300
notwendig: Virtual DJ Home - Atomix Productions		30.12.2010		
notwendig: VLC media player 2.0.2	VideoLAN	11.09.2012		2.0.2
Vnotwendig: ST Bridge 1.1		08.09.2010		
notwendig: WIDCOMM Bluetooth Software	Broadcom Corporation	15.07.2010	144MB	6.2.1.500
notwendig: Winamp	Nullsoft, Inc	13.06.2012		5.623 
notwendig: Winamp Erkennungs-Plug-in	Nullsoft, Inc	13.06.2012	75,0KB	1.0.0.1
(glaube ich) notwendig: Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)	Broadcom	15.07.2010		09/09/2009 6.2.0.9405
(glaube ich) notwendig: Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	15.07.2010		07/28/2009 6.2.0.9800
(glaube ich) notwendig: Windows Live Essentials	Microsoft Corporation	07.04.2012		15.4.3555.0308
(glaube ich) notwendig: Windows Live Sync	Microsoft Corporation	26.07.2010	2,79MB	14.0.8117.416
(glaube ich) notwendig: Windows Mobile-Gerätecenter		27.01.2012		
(glaube ich) notwendig: Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)	Nokia	17.11.2010		10/12/2007 6.85.4.0
notwendig: WinRAR		26.09.2010		
notwendig: XMind	XMind Ltd.	07.10.2011		3.2.1
notwendig: Zattoo4 4.0.5	Zattoo Inc.	02.06.2012		4.0.5
         

Alt 15.01.2013, 21:24   #10
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Anki
AVM
Firebird
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kaminfeuer
MAGIX : alle
Need for : alle
PCSX2
PlayStation: alle
Skype Click

öffne ccleaner, analysieren, starten, pc neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:07   #11
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hey Markus,
habe soweit alles gemacht, wie du beschrieben hast.

Hier der log von Adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:04:30 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Martin - MARTINSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Martin\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/#inbox");
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gefunden : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [2662 octets] - [15/01/2013 22:04:30]

########## EOF - C:\AdwCleaner[R1].txt - [2722 octets] ##########
         

Alt 15.01.2013, 22:16   #12
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



hi


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten bitte, teste, wie der PC läuft + programme, auch alle instalierten Browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:37   #13
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Hier die Log-Datei

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:18:52 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Martin - MARTINSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/#inbox");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gelöscht : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [2789 octets] - [15/01/2013 22:04:30]
AdwCleaner[S1].txt - [2634 octets] - [15/01/2013 22:18:52]

########## EOF - C:\AdwCleaner[S1].txt - [2694 octets] ##########
         
PC und Programme scheinen soweit zu laufen (mir ist jetzt nichts negatives aufgefallen).
Browser funktionieren auch alle, jedoch sagt mir der Internet Explorer, dass ich den neusten flashplayer installieren muss (auf youtube getestet). Bei Chrome, Firefox und Opera geht der Flashplayer jedoch.

Alt 15.01.2013, 22:38   #14
markusg
/// Malware-holic
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



kannst du instaliern.
öffne otl, bereinigen, PC startet neu, remover werden gelöscht.
lösche über gebliebene Logs, Remover, Setups, leere den Papierkorb.
sichere den Pc ab:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2013, 22:54   #15
MadInn
 
GVU Trojaner entfernen - Standard

GVU Trojaner entfernen



Ja, super!
Sind wir dann soweit durch und der PC ist erstmal wieder sicher??

Ich danke dir auf jeden Fall ganz herzlich für deine Hilfe Ihr macht hier echt nen super Job mit euren Hilfestellungen und den ausführlich beschriebenen Anleitungen zu jedem Schritt.

Was ist denn von Kaspersky als Sicherheitssoftware zu halten? Das hatte ich früher mal und fand das eigtl. immer ganz gut...
Ich werde mir aber definitiv deine genannten Programme alle mal anschauen und dann entscheiden, welches ich zukünftig nehme.

Antwort

Themen zu GVU Trojaner entfernen
akamai, antivir, avg, avira, bho, bonjour, canon, ccsetup, cubase, entfernen, error, failed, fehler, firefox, flash player, format, install.exe, logfile, object, photoshop, plug-in, port, realtek, registry, richtlinie, rundll, security, software, svchost.exe, systemwiederherstellung gemacht, trojaner, udp




Ähnliche Themen: GVU Trojaner entfernen


  1. Babylon toolbar entfernen, BrowserCompanion entfernen, DealPly entfernen, GinyasBrowserCompanions entfernen
    Log-Analyse und Auswertung - 17.12.2014 (9)
  2. GVU Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (13)
  3. GVU Trojaner entfernen
    Log-Analyse und Auswertung - 08.07.2013 (9)
  4. GVU-Trojaner. Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  5. GUV Trojaner 2.07 entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (6)
  6. Windows Uptdate Trojaner "Neuer Verschlüsselung Trojaner" Verschlüsseung entfernen, WIE?
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (3)
  7. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (3)
  8. Trojaner Generic-FRAX!EF3DA767ACD3 Trojan entdeckt bei Versuch unbekannten Trojaner zu entfernen
    Mülltonne - 04.08.2012 (1)
  9. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  10. BKA Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (5)
  11. GVU-Trojaner v2.04 entfernen (Windows XP) Trojaner mit Urheberrechtsverletzung
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  12. wie BKA trojaner entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (2)
  13. BKA-Trojaner entfernen
    Log-Analyse und Auswertung - 23.07.2011 (6)
  14. Trojaner Kozy - desktop schwarz daten weg - wie kann ich den trojaner entfernen?
    Log-Analyse und Auswertung - 30.04.2011 (1)
  15. Trojaner TR/crypt.xpack.gen u. win32.dnschanger entfernen entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.02.2009 (14)
  16. Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2008 (1)
  17. Trojaner entfernen...
    Plagegeister aller Art und deren Bekämpfung - 10.01.2007 (3)

Zum Thema GVU Trojaner entfernen - Hallo, bin leider auch Opfer des GVU Trojaners geworden. Habe daraufhin eine Systemwiederherstellung gemacht und nun läuft soweit eigentlich auch alles wieder, ich bin mir jedoch sehr unsicher ob evtl - GVU Trojaner entfernen...
Archiv
Du betrachtest: GVU Trojaner entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.