Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Seth. avazutracking.net

Seth. avazutracking.net


Plagegeister aller Art und deren Bekämpfung: Seth. avazutracking.net

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 21.02.2013, 15:31   #1
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Moin allerseits,

seit einiger Zeit öffnen sich bei meinem Firefox manchmal neue Tabs, wo ich dann über die Seth.avazutracking.net auf Seiten von Browsergames oder dergleich weitergeleitet werde.
Daten zu meinem PC:
Ich benutze Mozilla Firefox 19.0.0.0 auf Windows Vista Home Premium 64-Bit

Ich würde mich freuen, wenn ihr mir bei der Entfernung dieses Störenfrieds helfen könntet

Grüße,
Lukas

Alt 21.02.2013, 15:53   #2
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 21.02.2013, 16:45   #3
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


So, hier der erste log. Muss den zweiten separat posten, da er zu groß zum anhängen ist.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.02.2013 16:04:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mietke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,07% Memory free
8,18 Gb Paging File | 6,12 Gb Available in Paging File | 74,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 16,59 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 462,45 Gb Free Space | 55,46% Space Free | Partition Type: NTFS
 
Computer Name: MIETKE-PC | User Name: Mietke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mietke\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Mietke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Vtune\TBManage.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HiPatchService) -- D:\Program Files (x86)\Global Agenda\HiPatchService.exe (Hi-Rez Studios)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - SOFTWARE\Classes\CLSID\{fc01c2be-850b-4115-9b6b-9a427ddecc34}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6OyGIMUR6v&i=26
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7BED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA%7D:1.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.199.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyGIMUR6v&&i=26&search="
FF - prefs.js..network.proxy.ftp: "81.27.79.181"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "81.27.79.181"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "81.27.79.181"
FF - prefs.js..network.proxy.ssl_port: 8080
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Mietke\AppData\Roaming\5006 [2010.10.06 20:44:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.11 16:19:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 06:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 06:52:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Mietke\AppData\Roaming\5006 [2010.10.06 20:44:18 | 000,000,000 | ---D | M]
 
[2011.05.24 16:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\Extensions
[2011.05.24 16:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.08.25 08:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.01.28 10:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.02.20 18:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions
[2010.05.08 09:35:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.01 15:08:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.19 15:32:54 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.02.24 20:06:38 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2013.02.20 18:24:09 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.25 23:29:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Mietke\AppData\Roaming\mozilla\Firefox\Profiles\kz08tl84.default\extensions\engine@conduit.com
[2012.11.14 17:07:45 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.09.11 23:13:05 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.11.21 17:52:29 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\extensions\toolbar@web.de.xpi
[2013.01.07 15:51:03 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.03.14 21:54:51 | 000,000,873 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\conduit.xml
[2013.02.19 10:02:13 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-1.xml
[2009.08.19 15:14:32 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-2.xml
[2009.10.18 17:51:36 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-3.xml
[2010.01.22 19:24:14 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-4.xml
[2010.02.16 19:36:07 | 000,000,961 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-5.xml
[2010.03.19 09:22:13 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-6.xml
[2010.03.24 11:09:59 | 000,000,950 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin-7.xml
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\icqplugin.xml
[2012.07.02 14:24:13 | 000,002,203 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\MyStart Search.xml
[2010.01.22 23:10:08 | 000,003,915 | ---- | M] () -- C:\Users\Mietke\AppData\Roaming\mozilla\firefox\profiles\kz08tl84.default\searchplugins\sweetim.xml
[2013.02.20 06:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.20 06:52:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.02.20 06:52:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.11 16:19:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.10.06 20:44:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MIETKE\APPDATA\ROAMING\5006
[2013.02.20 06:52:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:28:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: No name found = C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Mietke\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
 
O1 HOSTS File: ([2010.08.15 19:23:21 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mietke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F17C83C-CB72-43C6-93CB-BA673E2A0AEE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Mietke\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{324b9718-a454-11de-b990-002354640c8c}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\Shell - "" = AutoRun
O33 - MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O33 - MountPoints2\{7b5accbc-341f-11de-ab26-002354640c8c}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{dcc3c944-3544-11de-ab28-002354640c8c}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: NCsoft Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: sbitunesagent - hkey= - key= - C:\Program Files (x86)\Songbird\songbirditunesagent.exe ()
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.21 14:59:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mietke\Desktop\OTL.exe
[2013.02.21 14:40:11 | 000,000,000 | ---D | C] -- C:\Users\Mietke\Desktop\mbar
[2013.02.20 06:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 15:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEFIANCE
[2013.02.03 22:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.02 19:23:06 | 000,000,000 | ---D | C] -- C:\Users\Mietke\AppData\Local\Red 5 Studios
[2013.02.02 17:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2013.02.02 17:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2013.02.02 17:28:00 | 000,000,000 | ---D | C] -- C:\Users\Mietke\Desktop\Fotos Abizeitung
[2013.01.30 14:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.30 14:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.30 14:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.30 14:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.30 14:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Users\Mietke\AppData\Roaming\*.tmp files -> C:\Users\Mietke\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.21 15:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.21 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 15:23:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 15:23:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 14:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mietke\Desktop\OTL.exe
[2013.02.21 14:18:02 | 001,474,544 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.21 14:18:02 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.21 14:18:02 | 000,604,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.21 14:18:02 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.21 14:18:02 | 000,108,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.21 14:11:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.21 14:11:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.21 14:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 21:10:42 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
[2013.02.20 18:27:02 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.20 18:27:02 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.20 18:25:20 | 000,000,209 | ---- | M] () -- C:\Users\Mietke\Desktop\Battlefield Heroes.url
[2013.02.19 13:37:38 | 001,261,219 | ---- | M] () -- C:\Users\Mietke\Desktop\Koch.odp
[2013.02.18 22:07:45 | 000,020,614 | ---- | M] () -- C:\Users\Mietke\Desktop\Email-Liste.odt
[2013.02.14 12:05:57 | 004,815,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.08 12:00:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2013.02.07 19:03:07 | 000,255,457 | R--- | M] () -- C:\Users\Mietke\Desktop\Zimmer_FW_sprachl Gestaltung.pdf
[2013.02.06 15:57:34 | 000,000,788 | ---- | M] () -- C:\Users\Mietke\Desktop\DEFIANCE - Beta.lnk
[2013.02.04 09:23:12 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mietke.job
[2013.02.03 22:02:15 | 000,000,904 | ---- | M] () -- C:\Users\Mietke\Desktop\TERA.lnk
[2013.02.02 23:16:21 | 359,586,499 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.02 18:34:51 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Play Firefall.lnk
[2013.01.31 16:33:38 | 000,009,853 | ---- | M] () -- C:\Users\Mietke\Desktop\Gw2 Handelstabelle.ods
[2013.01.30 14:01:19 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Mietke\AppData\Roaming\*.tmp files -> C:\Users\Mietke\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.20 18:25:20 | 000,000,209 | ---- | C] () -- C:\Users\Mietke\Desktop\Battlefield Heroes.url
[2013.02.17 17:41:32 | 001,261,219 | ---- | C] () -- C:\Users\Mietke\Desktop\Koch.odp
[2013.02.07 19:03:09 | 000,255,457 | R--- | C] () -- C:\Users\Mietke\Desktop\Zimmer_FW_sprachl Gestaltung.pdf
[2013.02.06 15:57:34 | 000,000,788 | ---- | C] () -- C:\Users\Mietke\Desktop\DEFIANCE - Beta.lnk
[2013.02.03 22:02:15 | 000,000,904 | ---- | C] () -- C:\Users\Mietke\Desktop\TERA.lnk
[2013.02.02 23:16:21 | 359,586,499 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.02 18:34:51 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Play Firefall.lnk
[2013.01.24 17:15:17 | 000,020,614 | ---- | C] () -- C:\Users\Mietke\Desktop\Email-Liste.odt
[2011.12.22 22:05:52 | 000,000,000 | ---- | C] () -- C:\Users\Mietke\AppData\Local\{51DBC201-423A-4A1C-9A40-1356F13C1E50}
[2011.08.27 22:43:55 | 000,009,374 | ---- | C] () -- C:\Users\Mietke\openssl.cnf
[2011.05.18 16:59:41 | 000,001,490 | ---- | C] () -- C:\Users\Mietke\.recently-used.xbel
[2011.04.30 21:19:13 | 000,084,760 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.04.20 11:29:45 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.11.15 17:31:17 | 000,000,000 | ---- | C] () -- C:\Users\Mietke\__ng3d.lock
[2010.08.15 13:49:11 | 000,000,094 | ---- | C] () -- C:\Users\Mietke\AppData\Local\fusioncache.dat
[2010.03.28 20:56:21 | 000,001,356 | ---- | C] () -- C:\Users\Mietke\AppData\Local\d3d9caps.dat
[2009.08.02 17:20:10 | 000,023,888 | ---- | C] () -- C:\Users\Mietke\AppData\Roaming\UserTile.png
[2009.07.25 23:20:32 | 000,000,902 | ---- | C] () -- C:\Users\Mietke\ICQ Password Changer.lnk
[2009.07.25 23:20:09 | 000,000,912 | ---- | C] () -- C:\Users\Mietke\ICQ 6 Password Hasher.lnk
[2009.05.19 20:52:34 | 000,075,264 | ---- | C] () -- C:\Users\Mietke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.28 17:55:19 | 000,001,460 | ---- | C] () -- C:\Users\Mietke\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.26 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\.minecraft
[2010.10.06 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\5006
[2010.11.03 21:50:38 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Akob
[2010.11.03 21:50:39 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Amhaki
[2010.01.08 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Amnaro
[2010.10.25 20:15:12 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Aruf
[2012.02.10 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\BigHugeEngine
[2010.11.03 21:50:45 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Bohu
[2010.11.03 21:50:45 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Byges
[2010.03.03 20:09:48 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Cayt
[2011.05.20 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.10.09 12:17:19 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Cigo
[2010.10.06 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\cock
[2011.05.20 14:20:14 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.20 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\DNA
[2012.06.25 10:38:57 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\DragonicaECB
[2012.01.09 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\DVDVideoSoft
[2011.09.21 21:35:12 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.27 05:12:02 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Ezqy
[2010.11.05 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\FOG Downloader
[2010.11.03 21:50:46 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Fokaod
[2012.02.20 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\FreePDF
[2010.01.16 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\GetRightToGo
[2011.05.18 16:57:22 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\gtk-2.0
[2010.11.15 17:20:56 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Hi-Rez Studios
[2012.09.25 22:39:36 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\ICQ
[2012.08.07 12:25:15 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Iminent
[2010.11.03 21:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Iptomy
[2011.02.06 18:09:12 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Iwkau
[2010.03.16 15:15:41 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\KeePass
[2010.11.03 21:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Kehe
[2010.03.22 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\kikin
[2010.11.03 21:35:07 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Lawo
[2011.05.01 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\LolClient
[2009.12.25 13:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\MobMapUpdater
[2009.08.04 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Nedem
[2011.08.30 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Nettalk
[2009.10.18 10:19:50 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\OpenCandy
[2010.12.05 15:15:23 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\OpenOffice.org
[2010.10.13 06:28:50 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Oqel
[2010.08.01 06:53:30 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Otovu
[2010.11.03 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Otowhu
[2009.11.16 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\PC Suite
[2009.08.02 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\PeerNetworking
[2010.04.16 16:23:14 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\ProtectDisc
[2012.01.03 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\PunkBuster
[2010.11.03 21:51:23 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Puuv
[2012.07.11 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Registry Mechanic
[2011.05.16 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Reviversoft
[2012.05.31 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\RIFT
[2011.11.30 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Riyk
[2011.07.06 16:21:21 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\runic games
[2009.11.16 15:56:53 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Samsung
[2012.06.08 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Songbird2
[2012.09.26 21:32:48 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\TS3Client
[2010.08.15 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Turbine
[2009.08.12 22:40:50 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Tyseh
[2012.01.06 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Ubisoft
[2011.12.01 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Ubyz
[2012.03.04 11:15:15 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Unity
[2010.06.19 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Usicc
[2009.06.06 23:45:26 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Utbeiz
[2010.11.02 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Utkea
[2010.11.03 21:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Uzoq
[2009.09.21 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Vihea
[2011.09.23 19:45:59 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\X-Chat 2
[2011.01.03 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\xmldm
[2010.11.03 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Yldohe
[2009.12.03 17:54:42 | 000,000,000 | ---D | M] -- C:\Users\Mietke\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.03.28 12:35:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.10 18:32:03 | 000,000,000 | ---D | M] -- C:\1.2.2
[2010.04.03 18:28:30 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.02.13 21:51:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.05.08 16:59:51 | 000,000,000 | ---D | M] -- C:\Crash
[2009.08.27 18:48:01 | 000,000,000 | ---D | M] -- C:\CrashReport
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.28 17:53:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.21 22:21:43 | 000,000,000 | ---D | M] -- C:\Down
[2011.07.14 13:41:42 | 000,000,000 | ---D | M] -- C:\Download
[2010.05.30 11:11:43 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.08.15 20:42:06 | 000,000,000 | ---D | M] -- C:\forcefeedback
[2011.12.20 20:59:51 | 000,000,000 | ---D | M] -- C:\Games
[2011.03.28 14:24:04 | 000,000,000 | ---D | M] -- C:\HanbitOn
[2009.04.30 16:12:41 | 000,000,000 | ---D | M] -- C:\Intel
[2012.05.30 10:48:27 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.02.21 22:20:57 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.30 14:00:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.20 15:47:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.30 14:00:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.28 17:53:39 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.16 13:03:49 | 000,000,000 | ---D | M] -- C:\sounds
[2010.08.16 13:08:26 | 000,000,000 | ---D | M] -- C:\staticmeshes
[2010.08.21 15:55:48 | 000,000,000 | ---D | M] -- C:\system
[2013.02.21 16:06:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.16 13:18:12 | 000,000,000 | ---D | M] -- C:\systextures
[2011.03.15 14:59:55 | 000,000,000 | ---D | M] -- C:\t3fun
[2010.08.16 13:24:54 | 000,000,000 | ---D | M] -- C:\textures
[2012.07.10 14:37:12 | 000,000,000 | R--D | M] -- C:\Users
[2009.12.22 22:50:42 | 000,000,000 | ---D | M] -- C:\VivoxLogs
[2010.08.16 13:25:18 | 000,000,000 | ---D | M] -- C:\voice
[2013.02.07 11:52:16 | 000,000,000 | ---D | M] -- C:\Windows
[2009.10.26 15:11:04 | 000,000,000 | ---D | M] -- C:\_ISTMP1.DIR
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 16:42:03 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.03 18:01:22 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.12.03 18:01:22 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.09.23 15:32:30 | 000,000,526 | ---- | C] () -- C:\Windows\Tasks\One-Click Tweak.job
[2012.01.30 15:11:24 | 000,000,454 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Mietke.job
[2012.05.30 11:09:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.09 19:44:08 | 000,000,440 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.20 17:29:56 | 000,394,776 | ---- | M] (Intel Corporation) MD5=8BD53925C5675BC9A5EFE12E2A42BE31 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.20 17:29:56 | 000,394,776 | ---- | M] (Intel Corporation) MD5=8BD53925C5675BC9A5EFE12E2A42BE31 -- C:\Windows\SysNative\drivers\iaStor.sys
[2008.04.20 17:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.05.18 16:59:41 | 000,001,490 | ---- | M] () -- C:\Users\Mietke\.recently-used.xbel
[2009.07.25 23:20:09 | 000,000,912 | ---- | M] () -- C:\Users\Mietke\ICQ 6 Password Hasher.lnk
[2009.07.25 23:20:32 | 000,000,902 | ---- | M] () -- C:\Users\Mietke\ICQ Password Changer.lnk
[2013.02.21 16:12:10 | 003,145,728 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT
[2013.02.21 16:12:10 | 000,262,144 | -H-- | M] () -- C:\Users\Mietke\ntuser.dat.LOG1
[2009.04.28 17:55:16 | 000,000,000 | -H-- | M] () -- C:\Users\Mietke\ntuser.dat.LOG2
[2012.06.26 20:50:11 | 000,065,536 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{9bc13d54-b6e9-11e1-bfff-001ee5e1a5d7}.TM.blf
[2012.06.26 20:50:11 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{9bc13d54-b6e9-11e1-bfff-001ee5e1a5d7}.TMContainer00000000000000000001.regtrans-ms
[2012.06.15 21:38:45 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{9bc13d54-b6e9-11e1-bfff-001ee5e1a5d7}.TMContainer00000000000000000002.regtrans-ms
[2013.02.21 13:37:31 | 000,065,536 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{bab5bcc6-c063-11e1-9b97-001ee5e1a5d7}.TM.blf
[2013.02.21 13:37:31 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{bab5bcc6-c063-11e1-9b97-001ee5e1a5d7}.TMContainer00000000000000000001.regtrans-ms
[2012.06.27 15:38:00 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{bab5bcc6-c063-11e1-9b97-001ee5e1a5d7}.TMContainer00000000000000000002.regtrans-ms
[2012.06.14 12:06:45 | 000,065,536 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.10.07 12:10:35 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2012.06.14 12:06:45 | 000,524,288 | -HS- | M] () -- C:\Users\Mietke\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009.04.28 17:55:16 | 000,000,020 | -HS- | M] () -- C:\Users\Mietke\ntuser.ini
[2009.07.23 16:39:12 | 000,009,374 | ---- | M] () -- C:\Users\Mietke\openssl.cnf
[2010.11.15 17:31:17 | 000,000,000 | ---- | M] () -- C:\Users\Mietke\__ng3d.lock
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Mietke\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D20FFA63
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B1FBBD09

< End of report >
__________________
Alt 21.02.2013, 16:49   #4
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Und hier der zweite.

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.02.2013 16:04:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mietke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,07% Memory free
8,18 Gb Paging File | 6,12 Gb Available in Paging File | 74,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 16,59 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 462,45 Gb Free Space | 55,46% Space Free | Partition Type: NTFS
 
Computer Name: MIETKE-PC | User Name: Mietke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 9D FD 95 07 53 D3 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122AAA2D-6E6F-439B-8E98-F0F3623A66A0}" = lport=80 | protocol=6 | dir=in | name=80 | 
"{16B80F8C-A9EC-4215-8513-DD55EA680666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1AC9981D-8B34-45D1-BE34-0346A61B1D48}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30A0FF71-075E-4CA4-BD3C-C06AA544BCE8}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{32BF6F53-7171-4C82-A9B1-5EF2FA175BC5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{473B54CA-07A7-49FB-96FD-EFFD660B9CAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{610C3A41-D8B2-474C-A035-4AABB9476A76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6552DB67-DC1E-4E39-AB14-5E5AB756BE5D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{690F2164-3C58-4EA9-ABC1-789252A019A0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{752D0D2E-E94F-4866-BB03-26DA6AE7B79C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{760D1A8B-D081-4A2E-9C38-FFEED2B6FB32}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7801EF9E-C5BF-472D-8DDB-46E55F6C9C32}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{7F8A49B4-585F-4A1F-AA84-7CFC0F3ABD30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{8C3D9147-F76F-4125-9129-DC832D658B99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D21325F-6512-4EA5-812F-59659159F8B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8FEC2E8A-3C5E-40C9-93F7-DEC09772CFA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96A8DCAC-3119-4E53-BB01-684C9F41455E}" = lport=443 | protocol=17 | dir=in | name=443 | 
"{9E10A676-5505-4433-B2A7-8FFD8B1739E8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A1C3FA18-DFBB-451D-A7EA-95CFE9D8C0F5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A8DF3D30-AFAF-40B7-B593-49C79B3CDD01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB8C7FA2-B46C-4978-B0FB-EAB176D3490B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF334440-3098-4D58-96DE-D1B4CF7D0877}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B9792C3D-7359-46BE-BD45-05DF06E96140}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD04CC98-F19E-449A-9552-F400A5587FAC}" = lport=6112 | protocol=6 | dir=in | name=6112 | 
"{C70B5DB9-1C9A-4208-A017-08EF867FFB84}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CCDE89E1-2D65-49C3-8750-391938773CA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9DE6AE1-586C-4B5D-B585-5DFFA2717DA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DECDD96D-1C8B-4480-A693-F0E0876AC4BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E527D0E2-1875-4AFF-930F-173307D3EA2A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EC2493FE-9E52-4C17-AEDC-D9274D26DDB1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ED866B5E-3D1B-48B4-ADC1-3BB628342B8D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F4294954-64B1-4E78-A0B4-F5E3AB722892}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC95C9DA-F2F7-4917-91AB-0F0AFBD615C2}" = lport=6600 | protocol=6 | dir=in | name=6600 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00422E22-5646-4239-BCE9-61ED840189CD}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{02016DD0-ADD5-4991-90DE-1D8B106AD6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{02A60A59-5D20-483A-A56C-1B8B689B5A3C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{02AC291F-3011-4511-8C88-BEE28392B2A4}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{0300E943-2DE6-497B-ACCA-75474A6AED75}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{073AD34B-BF88-4F73-98C6-1DB7FF5B14A2}" = protocol=17 | dir=in | app=d:\program files (x86)\acrmp.exe | 
"{08C939F0-053A-4B05-8EC6-7E4C477DB0F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{095C44E8-36F6-48E2-A674-272D10330222}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{09D4B54C-B3E8-49E6-B809-C3AA4CC643BE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{0CD32F72-7D1F-41B3-849E-DA19E219CAE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0DDC88CB-431D-480A-89F5-07F7D60C64DF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{0E9072B7-3167-4984-AAB1-4EA8C1EA12EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0FD7C1AE-85BA-41E2-AECD-394617DAF3E3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{12DBBBD4-B773-475C-97CE-65340ED71B49}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{137025F3-E3BD-43A9-8A9A-6143E1A0CAA8}" = protocol=6 | dir=in | app=d:\program files (x86)\wow\world of warcraft\launcher.exe | 
"{15C94F45-4572-42AC-AEA1-FB75102FA71A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{16C69E7F-DEAB-4D1B-8992-37DBE7DAE046}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{1A15982B-14FB-43CF-9B54-A093854F4834}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{1AAB6D1A-F861-4F18-9C69-35FA3E8FDF16}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"{1E33BC22-1467-4F7C-9A29-E198C0FACED5}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{1E9A6955-923F-4273-8078-39DCB8C29809}" = protocol=6 | dir=in | app=d:\program files (x86)\wow\world of warcraft 3.3.5a\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{1E9A8DA2-3863-432A-AE47-4CAC05FD240D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{1EE7B44A-4200-4A61-9AF0-9B0012CF35ED}" = protocol=17 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrmp.exe | 
"{1FE062FB-5C43-41F9-B9A2-20249B15EEF7}" = protocol=6 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrsp.exe | 
"{20CC9CBB-3153-465C-9A81-14FBF5A7C2EE}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{2222EE8E-8398-494B-8CC3-B36ED22FF89B}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{223F503F-D241-4380-A104-70CCCB1A4CF2}" = protocol=6 | dir=in | app=d:\program files (x86)\wow\world of warcraft\launcher.patch.exe | 
"{224E9D27-978B-4169-B3B7-B03DC2C24B1E}" = protocol=6 | dir=in | app=d:\program files (x86)\neuer ordner\assassinscreedii.exe | 
"{22660AC9-BEA0-4C3F-9E07-061C79002A3F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{23BEB22E-64BF-4BD0-9489-839E1765C997}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2417018A-DE4D-4BFF-9968-F0C138E2841A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{270E2F5B-801A-4233-82BD-5F3612773E78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{28828682-40E3-496E-8C62-265B595A6624}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{297D2036-E93D-439D-A997-08964D018F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{2ADDF77A-E734-47F1-B7A1-4A27D038D79F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2D674A93-78E2-4C2E-80D5-CD092A65498C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2DACBCE7-7ED7-495E-8008-36036BA2DA83}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{30A6A474-6C7F-4E3C-AB3C-F3095C90CE76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{327DC022-2406-48E0-849E-E0F4D6FF2751}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{3351A289-B133-4DB9-94C9-339A481678F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{359D9865-7823-4CC8-A605-3A2DA2593B30}" = protocol=17 | dir=in | app=d:\program files (x86)\ac brotherhood\acbsp.exe | 
"{38B8430E-1943-4E58-A21C-89EBD214E067}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A032246-1821-4404-8F7C-8F823DC37482}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{3A71D473-DBD7-48D2-95B0-B07D5CD6DB24}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{3C6DC44F-2A57-4E8F-AA65-82ECCBB0BAB7}" = protocol=17 | dir=in | app=d:\program files (x86)\ac brotherhood\uplaybrowser.exe | 
"{3E457B84-B664-488F-837F-9410C32F4B3E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3E716F60-12E4-4E5D-811A-0C4608518FB1}" = protocol=6 | dir=in | app=d:\program files (x86)\sacred 2\system\s2gs.exe | 
"{3F184B12-ED96-42AB-9DB9-E2EEED18B48C}" = protocol=17 | dir=in | app=d:\program files (x86)\wow\world of warcraft\launcher.exe | 
"{3F5E160A-A357-476A-B0B6-79A3BC1096E6}" = dir=in | app=c:\users\mietke\documents\the war z\warz.exe | 
"{418A3655-B732-43B7-970E-CA4897C72992}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{41E94682-6F32-4EB0-A3A5-31A5CA202A20}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{4354104E-0957-41F6-9C8D-63848E12399F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{4396D046-0C11-449E-BFCF-2C169811AC83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44E24F0E-0AC2-4C2C-8FEF-B7C16FD9DFD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{45653469-F2E5-46F3-B5B2-87C4F3DDC1B2}" = protocol=17 | dir=in | app=d:\program files (x86)\assasins creed revelations\assassinscreedrevelations.exe | 
"{4617717D-D95F-4293-AE63-5353209725B2}" = protocol=6 | dir=in | app=d:\program files (x86)\sacred 2\system\sacred2.exe | 
"{461E8412-899C-42DA-B51C-D44F3CB84D67}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii\diablo iii.exe | 
"{46616836-B707-42EB-92FD-9EB2B31D37B2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{48D49006-08A8-456D-A31E-A49210F0B270}" = protocol=6 | dir=in | app=d:\program files (x86)\assasins creed revelations\assassinscreedrevelations.exe | 
"{4A45BA93-F1CF-47E4-BA68-68000DEF4EE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B6EDCF6-9762-46EF-BC93-ABA28A2FE191}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{4F98365A-9817-470C-8960-22DAD0AB48D8}" = protocol=6 | dir=out | app=system | 
"{4FA9E540-9435-45CD-B858-5A499C099CBC}" = protocol=17 | dir=in | app=d:\program files (x86)\neuer ordner\assassinscreedii.exe | 
"{4FD4C054-19F0-4CFE-AD84-1A1BBC31BB51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50D434D8-4321-4305-BD5D-19C52CD48E21}" = protocol=17 | dir=in | app=d:\program files (x86)\sacred 2\system\s2gs.exe | 
"{5100DCC4-AE56-4FEA-8E6C-518A6906E51C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5767D03C-1DA1-49A1-9F12-A9EF1BC0258B}" = protocol=6 | dir=in | app=d:\program files (x86)\ac brotherhood\assassinscreedbrotherhood.exe | 
"{5B6A24D7-1BC5-4772-8A60-A3B6EC092501}" = protocol=6 | dir=in | app=d:\program files (x86)\ac brotherhood\acbmp.exe | 
"{5EA8FDA3-7458-4672-93A9-A98F1A21C540}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"{5F6A4CE9-EFA3-4F8E-A04C-576F2209B400}" = protocol=6 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrmp.exe | 
"{630F2D3C-FEEB-4D42-85BA-D444A0AC8626}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{67D3696E-06BC-4160-83CD-27D10691B0C3}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"{69F2D80D-C813-486B-872A-C740A54AD12F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6BA485B7-0D34-441C-B4D2-BBD3E2414C74}" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{6C77CADC-6F0C-418C-93C6-185A8F9BED95}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{6E391E5B-D922-4CE0-AB56-715C0E1840D4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{6FA95A42-09AF-4501-B6F1-330222FCCE33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{755CD24F-A3CD-4581-A6B0-34242FCC9B8D}" = protocol=17 | dir=in | app=d:\program files (x86)\wow\world of warcraft 3.3.5a\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{78EB0E66-37CC-4793-8986-5FC6C3E2124E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{7A17D88D-0D22-40BB-A0DE-7C0404FBA2D8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{7D1E4466-1240-4809-80A3-98FAA3C8AD47}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{7E496F92-AC80-4656-B1E2-21E57523C841}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{80E5DAB6-A70D-4614-9048-5327BA59843B}" = protocol=6 | dir=in | app=d:\program files (x86)\ac brotherhood\acbsp.exe | 
"{86F967E5-957C-43BE-A65F-C297CC535F7A}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{8779F16D-20D2-4BE8-82BC-B44F4931B9AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{89131592-4C9F-4408-A79C-9250BE756803}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"{8AC4713F-85B8-4DF7-B80B-A34D5485415F}" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe | 
"{8B07CEF5-0C0A-4798-BDBF-F474F4C6C299}" = protocol=6 | dir=in | app=d:\program files (x86)\neuer ordner\assassinscreediigame.exe | 
"{8B21BC8E-22EE-48F2-863E-6752F40AC298}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{8C12DA00-F3A3-499E-B1E6-1D01E332B1B8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{8D1C6FD8-A58B-4FFB-815A-D6EA8B09EEB8}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{8E5148BC-D004-49FA-9550-C7316065AAAC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{8E517092-1E96-43DE-9DAA-9C507519E3EE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{8FEA12CC-ED05-4A16-9F6B-67C9EEB80CF1}" = protocol=17 | dir=in | app=d:\program files (x86)\neuer ordner\assassinscreediigame.exe | 
"{981BE964-C4C6-4240-925D-3A6C0C1FB6A5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{995B7B85-5811-478D-866A-C380950AAC86}" = protocol=17 | dir=in | app=d:\program files (x86)\ac brotherhood\acbmp.exe | 
"{9BB0BBEC-BB64-4219-9AEB-937793272ACB}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{9C32A715-8180-4B90-B5E4-7FDF4C046838}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A1208F18-A214-456D-8D00-EDB2621CC693}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A1BF98F2-4584-4060-AFEE-D959527CF0C9}" = protocol=17 | dir=in | app=d:\program files (x86)\sacred 2\system\sacred2.exe | 
"{A20D38CB-A043-4080-A8AC-45082DB16E01}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"{A430D13E-EE71-4849-8111-AABCCEC81BE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A7473C6E-F49E-4B9F-98CD-5461DC490731}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii\diablo iii.exe | 
"{AA677B7F-F6EF-46BE-9EA2-C2D39E66882B}" = protocol=6 | dir=in | app=d:\program files (x86)\acrmp.exe | 
"{ACAB93CD-06D5-4ABC-8D6A-4BCEA3EE8C15}" = protocol=17 | dir=in | app=d:\program files (x86)\ac brotherhood\assassinscreedbrotherhood.exe | 
"{AFDFEDD2-CA86-4D90-A55D-75DBD556B67B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B216A7C5-3BE4-487E-8B18-B11029905BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{B256903B-3599-4693-935D-518B7BDF1B00}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3FC3E7E-76E2-4E59-891C-0665FFDCD2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{B457A1D7-61F1-4E78-A2FE-C5D1F8C11338}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B582423E-AE76-4515-8F5D-33AF33802689}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{B58D2FF8-B11A-47A7-9EEB-0B60CD55325F}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{B9574416-C207-4EBF-980F-F4585D7FBC68}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{B9C659E2-6B9B-4D3E-BD0B-3F4B3E9A5849}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{BD254C76-21D7-4BB2-BA56-147F1664861D}" = protocol=6 | dir=in | app=d:\program files (x86)\ac brotherhood\uplaybrowser.exe | 
"{BE269C0B-B7D1-42DB-AC54-537E901C53EA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3BCDB93-1C51-4CC3-99E4-C5C3A6404D54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA01AF18-72FB-44ED-A0A1-CA58F235730E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC14FB1C-EB89-4F55-938F-3A2A4200652C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"{CD4C51AA-0234-49E8-B85F-B23C6B6B73EC}" = protocol=17 | dir=in | app=d:\program files (x86)\wow\world of warcraft\launcher.patch.exe | 
"{CE661D62-51FC-4A4B-8359-F4E2EFB3908C}" = protocol=17 | dir=in | app=d:\program files (x86)\the secret world\the secret world\clientpatcher.exe | 
"{D086F8D9-D68E-4E61-AEB7-4AE978CB5D73}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D2B15D91-C452-4C17-A211-3C2D14B83121}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D306FB45-7AC2-45E9-B596-281DF7558E49}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D31C9792-382D-493A-9A40-B91625AA92D6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{D5FABB7B-06D1-46B9-B7CC-20DCDED6D777}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{D8C17D2A-A39B-498E-A14F-C9E07C8E15C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"{D954B6DC-B90E-47DF-8471-2337D172FF11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC5B9889-4D9B-4007-8470-E0DC9B172CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DC7593F4-A39E-4264-A587-329FC38C049B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{DD2CDD4C-7DEF-4B6D-AAD9-865452A464E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DDDA5300-131C-4B35-AF80-1D5D226B5644}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE52241B-7F2C-4FCE-A7D8-87B2E4982805}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{DEFACD4E-A16C-4F79-A0C7-11C2480B2B43}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E77420CB-FCD5-45B3-8027-734EA5472E29}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{E7B8C834-F6E7-417B-973C-84320DDE3529}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9D8ADF6-FDE0-4783-8639-CB1864928BF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC212DB7-7726-4E56-9FF4-33F7B74B00C6}" = protocol=6 | dir=in | app=d:\program files (x86)\the secret world\the secret world\clientpatcher.exe | 
"{EEAA4BF2-F07F-44D9-982D-1F5EF5B34E6F}" = protocol=17 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrsp.exe | 
"{F0461068-F068-4E2E-8BBD-F7A83F7AD1C9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{F4AFE3C2-5199-4107-A9C9-AA587FE6E96C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F53DE81C-0679-42CB-875E-D18CDA6346B2}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{F5F336FC-E477-4057-A0F1-BD98AB9F675E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F78B0CC2-6611-410C-821C-124954D8A82A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{F9A4CA0D-60BB-4562-808E-7EFB811160B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FAA59D2A-9F9A-4F77-8A5B-AA14DFF15891}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FB44856E-9A6A-4DE6-A135-6AE9B2897E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{FD077FDA-1A1C-46F7-891E-C504A5398E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{FE78C3D2-23EB-4C81-BDF3-45CEEE3EEB32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"TCP Query User{0055F7C3-C9B4-4D96-94BC-60D983F013E7}C:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe | 
"TCP Query User{045FDB31-93BE-4922-82AF-C2EE9D5B992D}D:\program files (x86)\tera\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera\tera-launcher.exe | 
"TCP Query User{0C5AD6A6-FA29-415F-9B5D-D52E13D92295}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"TCP Query User{0CC0A3F4-5A5B-45A2-BE59-9069456AB5D3}D:\program files (x86)\lan\cs\hl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\lan\cs\hl.exe | 
"TCP Query User{1BB82989-7113-4C03-91DD-B07BE29ABE83}D:\program files (x86)\ac brotherhood\acbsp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ac brotherhood\acbsp.exe | 
"TCP Query User{1E58BE57-E704-4C73-BCFD-EAF1B3ECC40B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2445AE74-255F-422B-8B7A-D5C1042CF8B4}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"TCP Query User{31351099-3341-45A7-BEC8-D6E925CEE6C8}C:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{37B92F23-7C32-4DFB-BBC0-78DD92DBDE5D}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"TCP Query User{38BBACF2-925D-40FB-A110-99172ACE7C35}C:\users\mietke\desktop\gw2.exe" = protocol=6 | dir=in | app=c:\users\mietke\desktop\gw2.exe | 
"TCP Query User{38C544CE-5676-47E9-986A-67F5DAF0B751}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{38ED5F6F-37EA-4DC2-B45A-5090B9D1EA44}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{39630308-A61D-4D36-81DD-78BB43E5D034}C:\users\mietke\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\gw2.exe | 
"TCP Query User{3C9844CE-3F55-4C1B-953B-DEF5A5B3AEA8}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{3DB29C4A-8068-42D3-B3D2-D7512733A012}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{3EAC8E07-5641-469D-955A-8B8E678ACD57}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{3F0EFE39-6F93-4DF6-B1BA-D502957BF5C1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{40520A68-DE26-4586-BD67-5A761112C483}D:\program files (x86)\diablo iii\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii\diablo iii.exe | 
"TCP Query User{46D2CBEE-BF63-42BA-A5B7-9690C9063A55}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"TCP Query User{4EC5AC1F-4C33-468F-888B-6C3811ACB7F2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{520D549F-A78F-463D-8FA1-8357B5F79329}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"TCP Query User{52409037-6D08-414D-8ACD-D6983DEC97D8}D:\program files (x86)\tera\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tera\tera\tera-launcher.exe | 
"TCP Query User{56056887-F101-48CE-B0ED-3978A3BC5C7F}C:\users\mietke\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mietke\program files (x86)\dna\btdna.exe | 
"TCP Query User{5E9B5861-B482-4691-A376-C0FE69AC6796}D:\program files (x86)\lan\warcraft\war3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\lan\warcraft\war3.exe | 
"TCP Query User{5F8DEE61-2BF8-425F-B266-EA8C38832695}D:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"TCP Query User{5FD1EF46-3615-459A-A0D9-F0AD7759F6D9}D:\program files (x86)\ac ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ac ii\assassinscreediigame.exe | 
"TCP Query User{67E83D7F-8BE0-4818-AEB9-BFAFCF88D8FA}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{6943A8CB-4B57-4FCC-BE72-5809A75134D8}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"TCP Query User{704B4E3B-E7C6-4485-BFC3-81AF61C17539}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"TCP Query User{7181EDC0-3BE9-4EB2-B639-F8CBD5556BE9}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{71EC83D6-19B1-4132-89D0-7C5826FAF226}C:\users\mietke\downloads\diablo-iii-setup-dede(1).exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(1).exe | 
"TCP Query User{74FD9176-AB72-43CA-A792-6A3792C6BFD8}D:\program files (x86)\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=d:\program files (x86)\games\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{7810EE1C-F5F5-4ABF-9A02-1D6CF7A2E229}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{7ED19A5B-C924-400B-A1BD-8792169D572B}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{7F50859E-2AF2-4DD8-8B2B-51136A25CB2F}D:\program files (x86)\guild wars 2\gw2(1).exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2(1).exe | 
"TCP Query User{80DC45BB-5538-4AB8-A258-7FA1B97D8E70}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{8256D58C-60A7-4C53-824E-15A6E92CC496}D:\program files (x86)\lan\cs\hl.exe" = protocol=6 | dir=in | app=d:\program files (x86)\lan\cs\hl.exe | 
"TCP Query User{83637D34-4C5F-4486-A9A6-FA56218FC7D6}D:\program files (x86)\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\planetside 2\planetside2.exe | 
"TCP Query User{863EB155-E72A-4248-B8C6-A0445F29E82B}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{88ED6C11-5555-4AEC-9C4A-691727BDC621}D:\program files (x86)\assasins creed revelations\acrpr.exe" = protocol=6 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrpr.exe | 
"TCP Query User{8A87C4C5-0E8A-4F45-9344-8A4CBD63C1F9}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe | 
"TCP Query User{8C9EA17D-D702-40BB-BA74-6A043A2D6BAF}C:\users\mietke\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{8DA5322D-4FF9-469D-AE81-E920E8A9B3E1}D:\program files (x86)\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\firefall\system\bin\firefallclient.exe | 
"TCP Query User{8FE7D32E-5F16-441F-8E0B-A02321D8FFA4}C:\users\mietke\desktop\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\ageofconan.exe | 
"TCP Query User{9188DE74-6822-479E-B89D-58D52C7E42FD}C:\users\mietke\downloads\diablo-iii-setup-dede(2).exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(2).exe | 
"TCP Query User{92B3CA12-AB58-4E60-84F9-68427C28366D}C:\users\mietke\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mietke\program files (x86)\dna\btdna.exe | 
"TCP Query User{9544EC87-E219-4168-9ABD-A23A4AF2EB68}C:\users\mietke\downloads\diablo-iii-setup-dede(3).exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(3).exe | 
"TCP Query User{96D03992-B15E-4811-BEB1-69727EE1529B}C:\users\mietke\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mietke\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{99546314-C652-496B-A897-10800E6433C6}D:\program files (x86)\loco\alaplaya\system\loco.exe" = protocol=6 | dir=in | app=d:\program files (x86)\loco\alaplaya\system\loco.exe | 
"TCP Query User{AA8FCD32-1621-4663-9770-8EF31A4540D5}C:\users\mietke\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{ABCC4AA7-FD90-4F97-A80C-EDC7B08DC706}D:\program files (x86)\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\age of conan\conanpatcher.exe | 
"TCP Query User{ABEEE888-C2F7-4C4B-BAB8-0F639EBE2FF5}D:\program files (x86)\wow\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\wow\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{B0A8FB15-06F8-46CA-885F-8D8E02E28529}C:\users\mietke\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\mietke\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{B25973AD-ED9E-4088-9638-DA97AE421A4C}D:\program files (x86)\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dc universe\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{B953D6F6-F390-42CB-9F7B-CA8D1363133A}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{D5389D9B-9DE5-44E9-BA8E-5168A0370125}C:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{E0F0C799-065D-4CDE-9CE0-7A70FFBA8AB9}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"TCP Query User{E89B8545-58F2-4110-992D-E6050CC8C928}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"TCP Query User{EB9300FF-54D3-4846-8947-07566F8CB274}C:\users\mietke\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mietke\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{F5336F2F-28CF-492F-9FB5-0685510FDC99}C:\users\mietke\downloads\diablo-iii-setup-dede(1).exe" = protocol=6 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(1).exe | 
"UDP Query User{0EA3A69C-411C-41BC-A9DC-46000B5CCB77}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{133476A7-EC82-4184-9207-2F678A63B093}D:\program files (x86)\lan\cs\hl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\lan\cs\hl.exe | 
"UDP Query User{15753EFC-AE28-4657-B832-B425662FFA08}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"UDP Query User{15D5D84E-B655-4370-A1F3-98787D72939C}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe | 
"UDP Query User{1788B2AB-25F5-4B52-86C6-726415D6297D}D:\program files (x86)\assasins creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\program files (x86)\assasins creed revelations\acrpr.exe | 
"UDP Query User{1B8D03F6-3678-4718-9776-4B633DDBA030}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"UDP Query User{25307595-B031-4D7A-B5B0-634B60E31E7C}C:\users\mietke\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{2548434B-E8C7-4B1B-B370-D76C46F292AD}D:\program files (x86)\loco\alaplaya\system\loco.exe" = protocol=17 | dir=in | app=d:\program files (x86)\loco\alaplaya\system\loco.exe | 
"UDP Query User{26710288-5625-4E6A-A04E-463AE84AF134}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"UDP Query User{28B27BB4-0C70-499B-8815-BCBFAC3217D1}C:\users\mietke\desktop\gw2.exe" = protocol=17 | dir=in | app=c:\users\mietke\desktop\gw2.exe | 
"UDP Query User{2E910192-C0DB-4998-9633-C91792DB3BC1}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{342206FD-1CF4-4866-AE79-FA9A419E81B3}D:\program files (x86)\ac ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ac ii\assassinscreediigame.exe | 
"UDP Query User{36627D58-32C0-4C51-A956-3FE1A43A92F0}D:\program files (x86)\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=d:\program files (x86)\games\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{41D3642B-8EB5-476F-92FA-2652F8794046}D:\program files (x86)\lan\warcraft\war3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\lan\warcraft\war3.exe | 
"UDP Query User{436AF128-A2A8-4590-A437-6C8E1F828C0D}D:\program files (x86)\tera\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera\tera-launcher.exe | 
"UDP Query User{45F020F9-0117-49B2-B921-70F54BE5B944}C:\users\mietke\downloads\diablo-iii-setup-dede(2).exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(2).exe | 
"UDP Query User{466D1F6F-D8EE-4A65-A89C-979F373A97C9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4A5FFA62-AB20-426B-AEB9-D0B84E0457F5}C:\users\mietke\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\gw2.exe | 
"UDP Query User{507A1CC8-7498-4969-B5F5-BAEC6F6A4DBD}D:\program files (x86)\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dc universe\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{52FF089C-5491-464D-AA18-CCFB9838DB6E}C:\users\mietke\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mietke\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{5C7E00E3-510B-47AE-8F01-C87EFA436D7D}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{5DF9EFD1-A349-489D-A4D4-3E7D59C3BCFB}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{62E33FB9-8B6D-446D-94DB-E902E63646C8}C:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{64970E59-17AC-4154-B408-D5F3FA9FAB18}D:\program files (x86)\guild wars 2\gw2(1).exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2(1).exe | 
"UDP Query User{68A1FA23-3286-4464-9EE6-A4A39A15CB1F}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"UDP Query User{6954CD05-960A-464B-AFFC-1B968186E9AD}C:\users\mietke\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mietke\program files (x86)\dna\btdna.exe | 
"UDP Query User{6EA23496-FF46-4886-B6C3-4827CDE1F446}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe | 
"UDP Query User{721C050D-7C03-446D-8B0E-9118D3FE37ED}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{78FECB18-A4B4-44AB-8B5B-DD513209633E}C:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe | 
"UDP Query User{7E50503F-2AB8-4E61-B8B8-49272917D87A}C:\users\mietke\downloads\diablo-iii-setup-dede(1).exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(1).exe | 
"UDP Query User{7F45056F-BEF4-4CD8-9AF4-81C68EE6AE54}C:\users\mietke\downloads\diablo-iii-setup-dede(3).exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(3).exe | 
"UDP Query User{7F88F28E-2056-44B7-8C72-6CBFD8CC6BE4}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{7FD107CF-A0D7-469C-88A7-0247EABA4B5A}D:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"UDP Query User{81AA9E81-5109-4922-BF5E-E6C1F3768435}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"UDP Query User{84FC2E95-C5B3-4F4A-8394-FD4E12E34369}D:\program files (x86)\lan\cs\hl.exe" = protocol=17 | dir=in | app=d:\program files (x86)\lan\cs\hl.exe | 
"UDP Query User{89034CC9-A947-4257-ADE7-FCDCD8E648ED}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{8D672767-B243-425A-8617-60223390A1A8}D:\program files (x86)\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\age of conan\conanpatcher.exe | 
"UDP Query User{8F0ED4CE-61EB-4783-B360-230026030509}D:\program files (x86)\wow\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\wow\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{92E33265-9104-4C94-8C89-62F25C635DF0}D:\program files (x86)\ac brotherhood\acbsp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ac brotherhood\acbsp.exe | 
"UDP Query User{943E141F-EAD8-47C6-B4A9-F6ECBCE7123F}D:\program files (x86)\diablo iii\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii\diablo iii.exe | 
"UDP Query User{9D23EF9F-C013-47B7-A11F-F54D0B2B33F2}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"UDP Query User{9FEE2C56-294C-4D53-9480-4F7AB42EA2B0}D:\program files (x86)\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\firefall\system\bin\firefallclient.exe | 
"UDP Query User{A5554A27-2A3B-4354-A4B6-117FC81ACCE1}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{A7DDB418-2DDD-4224-A372-92D0BA9D1E91}D:\program files (x86)\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\planetside 2\planetside2.exe | 
"UDP Query User{AA06FBA0-4D46-4067-838F-E55FD9D9CF8F}C:\users\mietke\downloads\diablo-iii-setup-dede(1).exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede(1).exe | 
"UDP Query User{AB88AF3D-8C5B-47E4-B3B6-51B1350F1CF1}C:\users\mietke\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mietke\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B765E87C-FF6D-42E9-A5C7-B5DF435E7765}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{B7867310-B8B6-48A1-9896-5CEAF9ADAF0F}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"UDP Query User{BD0285DF-23FF-4AFB-99A8-4C7059E7DD5F}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{C3DA8F8F-4D7A-4F28-8473-B7056C27B468}C:\users\mietke\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\mietke\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{C52734D7-D04F-4063-854E-B03DBA938B6B}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{C58F49F0-5F82-424D-BF7D-F1ACCAC4CF46}C:\users\mietke\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mietke\program files (x86)\dna\btdna.exe | 
"UDP Query User{D73996AA-F4EA-472D-B4E0-EC60D20F73E8}C:\users\mietke\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\mietke\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{D7A4C968-4839-45E3-85EF-B283B77ED767}D:\program files (x86)\tera\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tera\tera\tera-launcher.exe | 
"UDP Query User{D8EE98A5-CC26-4F8B-A08C-9778DCFFDC67}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"UDP Query User{E29F42DA-7535-4933-87F4-10DA3CE0E9CF}C:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"UDP Query User{E3AA5720-1CF6-4F1A-A02F-5174912594B7}C:\users\mietke\desktop\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\ageofconan.exe | 
"UDP Query User{E5552611-DE04-4AAB-89D4-31C3AFBB2E2C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E9F909DC-FFAF-45FE-A3A6-95F0925E4561}C:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\users\mietke\desktop\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{EBAA2BA9-6C6E-4315-925E-3F851663A098}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"Fix Helpmate_is1" = Fix Helpmate v1.0
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27117C04-2614-40D6-B4E0-746642B70733}_is1" = DEFIANCE - Beta
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}" = Global Agenda Live
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.7.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{55F50591-42BD-4E98-8957-A427819DF660}" = Crazy Machines II - Gold
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}" = DefianceRuntimes
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.9
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AION Free-To-Play" = AION Free-To-Play
"Akamai" = Akamai NetSession Interface
"avast" = avast! Internet Security
"CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.9.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Guild Wars" = GUILD WARS
"ICQToolbar" = ICQ Toolbar
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManiaPlanet_is1" = ManiaPlanet
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.21
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Neffy" = Neffy 1,3,29,0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"Plants vs. Zombies" = Plants vs. Zombies
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Secret World_is1" = The Secret World
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Mietke)
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"NCsoft-AionEU" = Aion
"NCsoft-GuildWars" = Guild Wars
"SOE-D:/Program Files (x86)/Planetside 2" = gamelauncher-ps2-psg (x86)-Planetside 2
"SOE-DC Universe Online Live" = DC Universe Online Live
"soe-PlanetSide 2 PSG" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2013 07:33:54 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:54 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:54 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:54 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:54 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:56 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:56 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:56 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 07:33:56 | Computer Name = Mietke-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.02.2013 09:12:58 | Computer Name = Mietke-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 22.12.2010 07:37:50 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.01.2011 07:11:27 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.02.2011 09:43:38 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 16.05.2011 12:50:07 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.07.2011 15:30:28 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.11.2011 15:33:37 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.11.2011 15:54:46 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 16.05.2012 04:03:45 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.07.2012 14:28:27 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.07.2012 15:34:01 | Computer Name = Mietke-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 20.02.2013 10:49:09 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 02:26:43 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 02:27:51 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 21.02.2013 02:27:51 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 06:47:32 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 06:48:30 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 21.02.2013 06:48:30 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 09:12:59 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.02.2013 09:14:02 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 21.02.2013 09:14:02 | Computer Name = Mietke-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---


was ich vorhin vergessen hatte zu erwähnen: ich habe vorhin noch mal mbar laufen lassen und hab da zwei Dinge entfernen lassen. Ich weiß aber eben nicht, ob es wirklich die entsprechenden Objekte waren... Hoffe ich hab da jetzt nicht irgendwie Murks gemacht :/
ICh häng dir einfach mal den entsprechenden mbar-Log an

PHP-Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database versionv2013.02.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19400
Mietke :: MIETKE-PC [administrator]

21.02.2013 14:53:02
mbar-log-2013-02-21 (14-53-02).txt

Scan typeQuick scan
Scan options enabledMemory Startup Registry File System Heuristics/Extra Heuristics/Shuriken PUP PUM P2P
Scan options disabled
Objects scanned31051
Time elapsed10 minute(s), 57 second(s)

Memory Processes Detected0
(No malicious items detected)

Memory Modules Detected0
(No malicious items detected)

Registry Keys Detected2
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected0
(No malicious items detected)

Registry Data Items Detected0
(No malicious items detected)

Folders Detected0
(No malicious items detected)

Files Detected0
(No malicious items detected)

(end
Danke das du dir Zeit nimmst

Alt 21.02.2013, 17:05   #5
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hi,
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll
File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not
found
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
File not found
O33 - MountPoints2\{324b9718-a454-11de-b990-002354640c8c}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\Shell - "" = AutoRun
O33 - MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Bin\ASSETUP.exe
O33 - MountPoints2\{7b5accbc-341f-11de-ab26-002354640c8c}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{dcc3c944-3544-11de-ab28-002354640c8c}\Shell\AutoRun\command - "" = G:\setupSNK.exe
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 17:20   #6
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hier der Inhalt des Textdokuments

PHP-Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC01C2BE-850B-4115-9B6B-9A427DDECC34not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC01C2BE-850B-4115-9B6B-9A427DDECC34}\ not found.
File C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc01c2be-850b-4115-9b6b-9a427ddecc34not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc01c2be-850b-4115-9b6b-9a427ddecc34}\ not found.
File C:\Program Files (x86)\jetztspielenob.de\tbjetz.dll File not not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc01c2be-850b-4115-9b6b-9a427ddecc34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc01c2be-850b-4115-9b6b-9a427ddecc34}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324b9718-a454-11de-b990-002354640c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{324b9718-a454-11de-b990-002354640c8c}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{324b971b-a454-11de-b990-002354640c8c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{324b971b-a454-11de-b990-002354640c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{324b971b-a454-11de-b990-002354640c8c}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c401439-3413-11de-bdd8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c401439-3413-11de-bdd8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c401439-3413-11de-bdd8-806e6f6e6963}\ not found.
File F:\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5accbc-341f-11de-ab26-002354640c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b5accbc-341f-11de-ab26-002354640c8c}\ not found.
File K:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcc3c944-3544-11de-ab28-002354640c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcc3c944-3544-11de-ab28-002354640c8c}\ not found.
File G:\setupSNK.exe not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
UserAll Users
 
UserAppData
 
User: Default
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
->Flash cache emptied0 bytes
 
User: Default User
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
->Flash cache emptied0 bytes
 
UserMietke
->Temp folder emptied2453416708 bytes
->Temporary Internet Files folder emptied44977139 bytes
->Java cache emptied23417606 bytes
->FireFox cache emptied269003992 bytes
->Google Chrome cache emptied14336519 bytes
->Apple Safari cache emptied1080320 bytes
->Flash cache emptied77190 bytes
 
User: Public
 
UserUpdatusUser
->Temp folder emptied0 bytes
->Flash cache emptied56466 bytes
 
UserUpdatusUser.Mietke-PC
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied33170 bytes
->Flash cache emptied56466 bytes
 
%systemdrive% .tmp files removed0 bytes
%systemroot% .tmp files removed667648 bytes
%systemroot%\System32 .tmp files removed1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed0 bytes
%systemroot%\System32\drivers .tmp files removed0 bytes
Windows Temp folder emptied487931821 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied66340 bytes
RecycleBin emptied0 bytes
 
Total Files Cleaned 3.144,00 mb
 
 
OTL by OldTimer Version 3.2.69.0 log created on 02212013_171444

Files\Folders moved on Reboot...
C:\Windows\temp\_avast_\Webshlock.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot... 

Alt 21.02.2013, 17:22   #7
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 17:36   #8
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hier der Log

PHP-Code:
17:32:26.0549 2280  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:32:26.0720 2280  ============================================================
17:32:26.0720 2280  Current date time2013/02/21 17:32:26.0720
17:32:26.0720 2280  SystemInfo:
17:32:26.0720 2280  
17:32:26.0720 2280  OS Version6.0.6002 ServicePack2.0
17:32:26.0720 2280  Product typeWorkstation
17:32:26.0720 2280  ComputerNameMIETKE-PC
17:32:26.0720 2280  UserNameMietke
17:32:26.0720 2280  Windows directoryC:\Windows
17:32:26.0720 2280  System windows directoryC:\Windows
17:32:26.0720 2280  Running under WOW64
17:32:26.0720 2280  Processor architectureIntel x64
17:32:26.0720 2280  Number of processors4
17:32:26.0720 2280  Page size0x1000
17:32:26.0720 2280  Boot typeNormal boot
17:32:26.0720 2280  ============================================================
17:32:27.0224 2280  Drive \Device\Harddisk0\DR0 Size0xE8E0DB6000 (931.51 Gb), SectorSize0x200Cylinders0x1DB01SectorsPerTrack0x3FTracksPerCylinder0xFFType 'K0'Flags 0x00000040
17:32:27.0248 2280  ============================================================
17:32:27.0248 2280  \Device\Harddisk0\DR0:
17:32:27.0257 2280  MBR partitions:
17:32:27.0257 2280  \Device\Harddisk0\DR0\Partition1MBRType 0x7StartLBA 0x800BlocksNum 0xC350000
17:32:27.0257 2280  \Device\Harddisk0\DR0\Partition2MBRType 0x7StartLBA 0xC350800BlocksNum 0x683B5800
17:32:27.0257 2280  ============================================================
17:32:27.0285 2280  C: <-> \Device\Harddisk0\DR0\Partition1
17:32:27.0316 2280  D: <-> \Device\Harddisk0\DR0\Partition2
17:32:27.0316 2280  ============================================================
17:32:27.0316 2280  Initialize success
17:32:27.0317 2280  ============================================================
17:33:43.0591 4552  ============================================================
17:33:43.0591 4552  Scan started
17:33:43.0591 4552  ModeManualSigCheckTDLFS
17:33:43.0591 4552  ============================================================
17:33:43.0930 4552  ================ Scan system memory ========================
17:33:43.0930 4552  System memory ok
17:33:43.0930 4552  ================ Scan services =============================
17:33:44.0039 4552  1394hub ok
17:33:44.0101 4552  6CE02D42183CDF31315F208AE35F153F acedrv11        C:\Windows\system32\drivers\acedrv11.sys
17:33:44.0253 4552  acedrv11 ok
17:33:44.0274 4552  1965AAFFAB07E3FB03C77F81BEBA3547 ACPI            C:\Windows\system32\drivers\acpi.sys
17:33:44.0295 4552  ACPI ok
17:33:44.0384 4552  62B7936F9036DD6ED36E6A7EFA805DC0 AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:33:44.0396 4552  AdobeARMservice ok
17:33:44.0486 4552  EC807244904FA170C299AB06D87FBDBE AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:33:44.0510 4552  AdobeFlashPlayerUpdateSvc ok
17:33:44.0545 4552  F14215E37CF124104575073F782111D2 adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:33:44.0585 4552  adp94xx ok
17:33:44.0608 4552  7D05A75E3066861A6610F7EE04FF085C adpahci         C:\Windows\system32\drivers\adpahci.sys
17:33:44.0631 4552  adpahci ok
17:33:44.0647 4552  820A201FE08A0C345B3BEDBC30E1A77C adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:33:44.0664 4552  adpu160m ok
17:33:44.0684 4552  9B4AB6854559DC168FBB4C24FC52E794 adpu320         C:\Windows\system32\drivers\adpu320.sys
17:33:44.0702 4552  adpu320 ok
17:33:44.0741 4552  0F421175574BFE0BF2F4D8E910A253BB AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:33:44.0817 4552  AeLookupSvc ok
17:33:44.0857 4552  C4F6CE6087760AD70960C9EB130E7943 AFD             C:\Windows\system32\drivers\afd.sys
17:33:44.0939 4552  AFD ok
17:33:44.0964 4552  F6F6793B7F17B550ECFDBD3B229173F7 agp440          C:\Windows\system32\drivers\agp440.sys
17:33:44.0980 4552  agp440 ok
17:33:45.0003 4552  222CB641B4B8A1D1126F8033F9FD6A00 aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:33:45.0020 4552  aic78xx ok
17:33:45.0140 4552  B9B98E08EC127900025F42462D3D0A66 Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
17:33:45.0140 4552  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dllmd5B9B98E08EC127900025F42462D3D0A66
17:33:45.0149 4552  Akamai HiddenFile.Multi.Generic ) - warning
17:33:45.0149 4552  Akamai detected HiddenFile.Multi.Generic (1)
17:33:45.0176 4552  5922F4F59B7868F3D74BBBBEB7B825A3 ALG             C:\Windows\System32\alg.exe
17:33:45.0237 4552  ALG ok
17:33:45.0258 4552  157D0898D4B73F075CE9FA26B482DF98 aliide          C:\Windows\system32\drivers\aliide.sys
17:33:45.0273 4552  aliide ok
17:33:45.0278 4552  970FA5059E61E30D25307B99903E991E amdide          C:\Windows\system32\drivers\amdide.sys
17:33:45.0292 4552  amdide ok
17:33:45.0312 4552  CDC3632A3A5EA4DBB83E46076A3165A1 AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:33:45.0373 4552  AmdK8 ok
17:33:45.0415 4552  9C37B3FD5615477CB9A0CD116CF43F5C Appinfo         C:\Windows\System32\appinfo.dll
17:33:45.0442 4552  Appinfo ok
17:33:45.0502 4552  A5299D04ED225D64CF07A568A3E1BF8C Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:33:45.0516 4552  Apple Mobile Device ok
17:33:45.0531 4552  BA8417D4765F3988FF921F30F630E303 arc             C:\Windows\system32\drivers\arc.sys
17:33:45.0547 4552  arc ok
17:33:45.0564 4552  9D41C435619733B34CC16A511E644B11 arcsas          C:\Windows\system32\drivers\arcsas.sys
17:33:45.0580 4552  arcsas ok
17:33:45.0636 4552  aspnet_state ok
17:33:45.0672 4552  4FCAEF0C5BE7629AEB878998E0FE959B aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:33:45.0686 4552  aswFsBlk ok
17:33:45.0705 4552  9FFC732E12FF53E05FE9E02C8C00CE87 aswFW           C:\Windows\system32\drivers\aswFW.sys
17:33:45.0721 4552  aswFW ok
17:33:45.0748 4552  6B91E6D483AADB3FC4E13E2355200611 aswKbd          C:\Windows\system32\drivers\aswKbd.sys
17:33:45.0762 4552  aswKbd ok
17:33:45.0806 4552  B50CDD87772D6A11CB90924AAD399DF8 aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:33:45.0821 4552  aswMonFlt ok
17:33:45.0842 4552  518B8D447A1975AB46DA093A2E743256 aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
17:33:45.0857 4552  aswNdis ok
17:33:45.0887 4552  5A832BBB1B563B6B3FDA46239B630037 aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
17:33:45.0908 4552  aswNdis2 ok
17:33:45.0919 4552  A4096B90F21BBD2973AFAB8EEE01CD25 aswRdr          C:\Windows\system32\drivers\aswRdr.sys
17:33:45.0933 4552  aswRdr ok
17:33:45.0960 4552  E71D826A1F3CE9C9DE3E77F2D02AFFBF aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:33:46.0009 4552  aswSnx ok
17:33:46.0033 4552  538A32E2C99BF073D4CA76C30BEDAA60 aswSP           C:\Windows\system32\drivers\aswSP.sys
17:33:46.0055 4552  aswSP ok
17:33:46.0070 4552  6EDC79D73745FD44C41B55B2D13D0B70 aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:33:46.0084 4552  aswTdi ok
17:33:46.0101 4552  22D13FF3DAFEC2A80634752B1EAA2DE6 AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:33:46.0153 4552  AsyncMac ok
17:33:46.0172 4552  E68D9B3A3905619732F7FE039466A623 atapi           C:\Windows\system32\drivers\atapi.sys
17:33:46.0189 4552  atapi ok
17:33:46.0228 4552  79318C744693EC983D20E9337A2F8196 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:33:46.0302 4552  AudioEndpointBuilder ok
17:33:46.0311 4552  79318C744693EC983D20E9337A2F8196 AudioSrv        C:\Windows\System32\Audiosrv.dll
17:33:46.0364 4552  AudioSrv ok
17:33:46.0458 4552  8FA553E9AE69808D99C164733A0F9590 avastAntivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:33:46.0471 4552  avastAntivirus ok
17:33:46.0495 4552  BC0E07A768A0A14C48E3CE1875F2C377 avastFirewall C:\Program Files\AVAST Software\Avast\afwServ.exe
17:33:46.0510 4552  avastFirewall ok
17:33:46.0541 4552  FFB96C2589FFA60473EAD78B39FBDE29 BFE             C:\Windows\System32\bfe.dll
17:33:46.0600 4552  BFE ok
17:33:46.0637 4552  6D316F4859634071CC25C4FD4589AD2C BITS            C:\Windows\System32\qmgr.dll
17:33:46.0729 4552  BITS ok
17:33:46.0757 4552  79FEEB40056683F8F61398D81DDA65D2 blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:33:46.0799 4552  blbdrive ok
17:33:46.0847 4552  EBBCD5DFBB1DE70E8F4AF8FA59E401FD Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:33:46.0868 4552  Bonjour Service ok
17:33:46.0892 4552  2348447A80920B2493A9B582A23E81E1 bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:33:46.0916 4552  bowser ok
17:33:46.0935 4552  F09EEE9EDC320B5E1501F749FDE686C8 BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:33:46.0969 4552  BrFiltLo ok
17:33:46.0982 4552  B114D3098E9BDB8BEA8B053685831BE6 BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:33:47.0019 4552  BrFiltUp ok
17:33:47.0047 4552  A1B39DE453433B115B4EA69EE0343816 Browser         C:\Windows\System32\browser.dll
17:33:47.0094 4552  Browser ok
17:33:47.0113 4552  F0F0BA4D815BE446AA6A4583CA3BCA9B Brserid         C:\Windows\system32\drivers\brserid.sys
17:33:47.0170 4552  Brserid ok
17:33:47.0210 4552  A6ECA2151B08A09CACECA35C07F05B42 BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:33:47.0270 4552  BrSerWdm ok
17:33:47.0286 4552  B79968002C277E869CF38BD22CD61524 BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:33:47.0364 4552  BrUsbMdm ok
17:33:47.0380 4552  A87528880231C54E75EA7A44943B38BF BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:33:47.0435 4552  BrUsbSer ok
17:33:47.0454 4552  E0777B34E05F8A82A21856EFC900C29F BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:33:47.0522 4552  BTHMODEM ok
17:33:47.0572 4552  2BD001601496AE87F7CB86F1FCD6F1EC Cardex          C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
17:33:47.0584 4552  Cardex ok
17:33:47.0594 4552  B4D787DB8D30793A4D4DF9FEED18F136 cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:33:47.0633 4552  cdfs ok
17:33:47.0654 4552  C025AA69BE3D0D25C7A2E746EF6F94FC cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:33:47.0703 4552  cdrom ok
17:33:47.0731 4552  5A268127633C7EE2A7FB87F39D748D56 CertPropSvc     C:\Windows\System32\certprop.dll
17:33:47.0771 4552  CertPropSvc ok
17:33:47.0790 4552  02EA568D498BBDD4BA55BF3FCE34D456 circlass        C:\Windows\system32\drivers\circlass.sys
17:33:47.0828 4552  circlass ok
17:33:47.0873 4552  3DCA9A18B204939CFB24BEA53E31EB48 CLFS            C:\Windows\system32\CLFS.sys
17:33:47.0902 4552  CLFS ok
17:33:47.0924 4552  8EE772032E2FE80A924F3B8DD5082194 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:47.0940 4552  clr_optimization_v2.0.50727_32 ok
17:33:47.0985 4552  CE07A466201096F021CD09D631B21540 clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:33:47.0999 4552  clr_optimization_v2.0.50727_64 ok
17:33:48.0061 4552  C5A75EB48E2344ABDC162BDA79E16841 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:48.0075 4552  clr_optimization_v4.0.30319_32 ok
17:33:48.0104 4552  C6F9AF94DCD58122A4D7E89DB6BED29D clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:33:48.0117 4552  clr_optimization_v4.0.30319_64 ok
17:33:48.0130 4552  E5D5499A1C50A54B5161296B6AFE6192 cmdide          C:\Windows\system32\drivers\cmdide.sys
17:33:48.0142 4552  cmdide ok
17:33:48.0163 4552  7FB8AD01DB0EABE60C8A861531A8F431 Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:33:48.0176 4552  Compbatt ok
17:33:48.0181 4552  COMSysApp ok
17:33:48.0197 4552  A8585B6412253803CE8EFCBD6D6DC15C crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:33:48.0211 4552  crcdisk ok
17:33:48.0237 4552  CA78B312C44E4D52E842C2C8BD48E452 CryptSvc        C:\Windows\system32\cryptsvc.dll
17:33:48.0279 4552  CryptSvc ok
17:33:48.0322 4552  CF8B9A3A5E7DC57724A89D0C3E8CF9EF DcomLaunch      C:\Windows\system32\rpcss.dll
17:33:48.0387 4552  DcomLaunch ok
17:33:48.0416 4552  8B722BA35205C71E7951CDC4CDBADE19 DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:33:48.0442 4552  DfsC ok
17:33:48.0469 4552  3ED0321127CE70ACDAABBF77E157C2A7 Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:33:48.0501 4552  Dhcp ok
17:33:48.0537 4552  B0107E40ECDB5FA692EBF832F295D905 disk            C:\Windows\system32\drivers\disk.sys
17:33:48.0553 4552  disk ok
17:33:48.0580 4552  06230F1B721494A6DF8D47FD395BB1B0 Dnscache        C:\Windows\System32\dnsrslvr.dll
17:33:48.0609 4552  Dnscache ok
17:33:48.0631 4552  1A7156DD1E850E9914E5E991E3225B94 dot3svc         C:\Windows\System32\dot3svc.dll
17:33:48.0676 4552  dot3svc ok
17:33:48.0706 4552  1583B39790DB3EAEC7EDB0CB0140C708 DPS             C:\Windows\system32\dps.dll
17:33:48.0757 4552  DPS ok
17:33:48.0783 4552  F1A78A98CFC2EE02144C6BEC945447E6 drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:33:48.0838 4552  drmkaud ok
17:33:48.0851 4552  dump_wmimmc ok
17:33:48.0887 4552  B8E554E502D5123BC111F99D6A2181B4 DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:33:48.0933 4552  DXGKrnl ok
17:33:48.0961 4552  264CEE7B031A9D6C827F3D0CB031F2FE E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
17:33:49.0000 4552  E1G60 ok
17:33:49.0018 4552  EagleX64 ok
17:33:49.0038 4552  C2303883FD9BE49DC36A6400643002EA EapHost         C:\Windows\System32\eapsvc.dll
17:33:49.0069 4552  EapHost ok
17:33:49.0084 4552  5F94962BE5A62DB6E447FF6470C4F48A Ecache          C:\Windows\system32\drivers\ecache.sys
17:33:49.0102 4552  Ecache ok
17:33:49.0143 4552  14CE384D2E27B64C256BDA4DC39C312D ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:33:49.0165 4552  ehRecvr ok
17:33:49.0180 4552  B93159C1313D66FDFBBE876F5189CD52 ehSched         C:\Windows\ehome\ehsched.exe
17:33:49.0209 4552  ehSched ok
17:33:49.0223 4552  F5EE2527D74449868E3C3227A59BCD28 ehstart         C:\Windows\ehome\ehstart.dll
17:33:49.0253 4552  ehstart ok
17:33:49.0273 4552  C4636D6E10469404AB5308D9FD45ED07 elxstor         C:\Windows\system32\drivers\elxstor.sys
17:33:49.0310 4552  elxstor ok
17:33:49.0339 4552  A9B18B63A4FD6BAAB83326706D857FAB EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:33:49.0413 4552  EMDMgmt ok
17:33:49.0423 4552  BC3A58E938BB277E46BF4B3003B01ABD ErrDev          C:\Windows\system32\drivers\errdev.sys
17:33:49.0469 4552  ErrDev ok
17:33:49.0499 4552  E12F22B73F153DECE721CD45EC05B4AF EventSystem     C:\Windows\system32\es.dll
17:33:49.0560 4552  EventSystem ok
17:33:49.0593 4552  486844F47B6636044A42454614ED4523 exfat           C:\Windows\system32\drivers\exfat.sys
17:33:49.0624 4552  exfat ok
17:33:49.0646 4552  1A4BEE34277784619DDAF0422C0C6E23 fastfat         C:\Windows\system32\drivers\fastfat.sys
17:33:49.0692 4552  fastfat ok
17:33:49.0705 4552  81B79B6DF71FA1D2C6D688D830616E39 fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:33:49.0757 4552  fdc ok
17:33:49.0769 4552  BB9267ACACD8B7533DD936C34A0CBA5E fdPHost         C:\Windows\system32\fdPHost.dll
17:33:49.0808 4552  fdPHost ok
17:33:49.0823 4552  300C80931EABBE1DB7591C516EFE8D0F FDResPub        C:\Windows\system32\fdrespub.dll
17:33:49.0896 4552  FDResPub ok
17:33:49.0913 4552  457B7D1D533E4BD62A99AED9C7BB4C59 FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:33:49.0930 4552  FileInfo ok
17:33:49.0948 4552  D421327FD6EFCCAF884A54C58E1B0D7F Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:33:49.0984 4552  Filetrace ok
17:33:49.0996 4552  230923EA2B80F79B0F88D90F87B87EBD flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:33:50.0028 4552  flpydisk ok
17:33:50.0053 4552  E3041BC26D6930D61F42AEDB79C91720 FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:33:50.0079 4552  FltMgr ok
17:33:50.0138 4552  BE1C5BD1CA7ED015BC6FA1AE67E592C8 FontCache       C:\Windows\system32\FntCache.dll
17:33:50.0198 4552  FontCache ok
17:33:50.0249 4552  BC5B0BE5AF3510B0FD8C140EE42C6D3E FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:33:50.0263 4552  FontCache3.0.0.0 ok
17:33:50.0286 4552  5779B86CD8B32519FBECB136394D946A Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:33:50.0312 4552  Fs_Rec ok
17:33:50.0326 4552  C8E416668D3DC2BE3D4FE4C79224997F gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:33:50.0342 4552  gagp30kx ok
17:33:50.0379 4552  8E98D21EE06192492A5671A6144D092F GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:33:50.0391 4552  GEARAspiWDM ok
17:33:50.0415 4552  A0E1B575BA8F504968CD40C0FAEB2384 gpsvc           C:\Windows\System32\gpsvc.dll
17:33:50.0458 4552  gpsvc ok
17:33:50.0532 4552  626A24ED1228580B9518C01930936DF9 gupdate1ca743942b03ae0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:50.0545 4552  gupdate1ca743942b03ae0 ok
17:33:50.0570 4552  626A24ED1228580B9518C01930936DF9 gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:50.0583 4552  gupdatem ok
17:33:50.0613 4552  CC839E8D766CC31A7710C9F38CF3E375 gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:33:50.0627 4552  gusvc ok
17:33:50.0656 4552  68E732382B32417FF61FD663259B4B09 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:33:50.0677 4552  HdAudAddService ok
17:33:50.0715 4552  F942C5820205F2FB453243EDFEC82A3D HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:33:50.0777 4552  HDAudBus ok
17:33:50.0789 4552  B4881C84A180E75B8C25DC1D726C375F HidBth          C:\Windows\system32\drivers\hidbth.sys
17:33:50.0870 4552  HidBth ok
17:33:50.0880 4552  4E77A77E2C986E8F88F996BB3E1AD829 HidIr           C:\Windows\system32\drivers\hidir.sys
17:33:50.0944 4552  HidIr ok
17:33:50.0969 4552  59361D38A297755D46A540E450202B2A hidserv         C:\Windows\system32\hidserv.dll
17:33:51.0021 4552  hidserv ok
17:33:51.0042 4552  443BDD2D30BB4F00795C797E2CF99EDF HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:33:51.0079 4552  HidUsb ok
17:33:51.0174 4552  7388756BC5F9FE857C400E340B878AF2 HiPatchService  D:\Program Files (x86)\Global Agenda\HiPatchService.exe
17:33:51.0186 4552  HiPatchService UnsignedFile.Multi.Generic ) - warning
17:33:51.0186 4552  HiPatchService detected UnsignedFile.Multi.Generic (1)
17:33:51.0205 4552  B12F367EA39C0795FD57E31242CE1A5A hkmsvc          C:\Windows\system32\kmsvc.dll
17:33:51.0240 4552  hkmsvc ok
17:33:51.0258 4552  D7109A1E6BD2DFDBCBA72A6BC626A13B HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:33:51.0273 4552  HpCISSs ok
17:33:51.0306 4552  098F1E4E5C9CB5B0063A959063631610 HTTP            C:\Windows\system32\drivers\HTTP.sys
17:33:51.0344 4552  HTTP ok
17:33:51.0367 4552  DA94C854CEA5FAC549D4E1F6E88349E8 i2omp           C:\Windows\system32\drivers\i2omp.sys
17:33:51.0381 4552  i2omp ok
17:33:51.0397 4552  CBB597659A2713CE0C9CC20C88C7591F i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:51.0430 4552  i8042prt ok
17:33:51.0483 4552  E03216D695CDC2D223AFC0CAB4498888 IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:33:51.0515 4552  IAANTMON ok
17:33:51.0549 4552  8BD53925C5675BC9A5EFE12E2A42BE31 iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:33:51.0581 4552  iaStor ok
17:33:51.0606 4552  3E3BF3627D886736D0B4E90054F929F6 iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:33:51.0626 4552  iaStorV ok
17:33:51.0680 4552  848EDEBB3C1D6FEC50E09EDA95C21E84 ICQ Service     C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
17:33:51.0697 4552  ICQ Service ok
17:33:51.0774 4552  6F95324909B502E2651442C1548AB12F IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:33:51.0801 4552  IDriverT UnsignedFile.Multi.Generic ) - warning
17:33:51.0801 4552  IDriverT detected UnsignedFile.Multi.Generic (1)
17:33:51.0850 4552  749F5F8CEDCA70F2A512945325FC489D idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:33:51.0904 4552  idsvc ok
17:33:51.0920 4552  8C3951AD2FE886EF76C7B5027C3125D3 iirsp           C:\Windows\system32\drivers\iirsp.sys
17:33:51.0934 4552  iirsp ok
17:33:51.0962 4552  0C9EA6E654E7B0471741E343A6C671AF IKEEXT          C:\Windows\System32\ikeext.dll
17:33:52.0039 4552  IKEEXT ok
17:33:52.0102 4552  BAA12AECED01041FFE309048CFDD573A IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:33:52.0171 4552  IntcAzAudAddService ok
17:33:52.0207 4552  DF797A12176F11B2D301C5B234BB200E intelide        C:\Windows\system32\drivers\intelide.sys
17:33:52.0223 4552  intelide ok
17:33:52.0239 4552  BFD84AF32FA1BAD6231C4585CB469630 intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:33:52.0283 4552  intelppm ok
17:33:52.0312 4552  5624BC1BC5EEB49C0AB76A8114F05EA3 IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:33:52.0366 4552  IPBusEnum ok
17:33:52.0392 4552  D8AABC341311E4780D6FCE8C73C0AD81 IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:52.0434 4552  IpFilterDriver ok
17:33:52.0477 4552  BF0DBFA9792C5C14FA00F61C75116C1B iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:33:52.0503 4552  iphlpsvc ok
17:33:52.0508 4552  IpInIp ok
17:33:52.0526 4552  9C2EE2E6E5A7203BFAE15C299475EC67 IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:33:52.0564 4552  IPMIDRV ok
17:33:52.0583 4552  B7E6212F581EA5F6AB0C3A6CEEEB89BE IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:33:52.0636 4552  IPNAT ok
17:33:52.0690 4552  0F261EC4F514926177C70C1832374231 iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:33:52.0727 4552  iPod Service ok
17:33:52.0744 4552  8C42CA155343A2F11D29FECA67FAA88D IRENUM          C:\Windows\system32\drivers\irenum.sys
17:33:52.0795 4552  IRENUM ok
17:33:52.0812 4552  0672BFCEDC6FC468A2B0500D81437F4F isapnp          C:\Windows\system32\drivers\isapnp.sys
17:33:52.0827 4552  isapnp ok
17:33:52.0844 4552  E4FDF99599F27EC25D2CF6D754243520 iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:33:52.0864 4552  iScsiPrt ok
17:33:52.0875 4552  63C766CDC609FF8206CB447A65ABBA4A iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:33:52.0890 4552  iteatapi ok
17:33:52.0912 4552  1281FE73B17664631D12F643CBEA3F59 iteraid         C:\Windows\system32\drivers\iteraid.sys
17:33:52.0926 4552  iteraid ok
17:33:52.0941 4552  423696F3BA6472DD17699209B933BC26 kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:33:52.0957 4552  kbdclass ok
17:33:52.0973 4552  DBDF75D51464FBC47D0104EC3D572C05 kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:33:53.0010 4552  kbdhid ok
17:33:53.0039 4552  260BF9C43EE12C6898A9F5AAB0FB0E5D KeyIso          C:\Windows\system32\lsass.exe
17:33:53.0063 4552  KeyIso ok
17:33:53.0089 4552  88956AD9FA510848AD176777A6C6C1F5 KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:33:53.0133 4552  KSecDD ok
17:33:53.0137 4552  1D419CF43DB29396ECD7113D129D94EB ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:33:53.0179 4552  ksthunk ok
17:33:53.0209 4552  1FAF6926F3416D3DA05C5B265491BDAE KtmRm           C:\Windows\system32\msdtckrm.dll
17:33:53.0288 4552  KtmRm ok
17:33:53.0311 4552  463A1F864924736015017A8D4F90A577 L1E             C:\Windows\system32\DRIVERS\L1E60x64.sys
17:33:53.0324 4552  L1E ok
17:33:53.0348 4552  50C7A3CB427E9BB5ED0708A669956AB5 LanmanServer    C:\Windows\system32\srvsvc.dll
17:33:53.0376 4552  LanmanServer ok
17:33:53.0403 4552  CAF86FC1388BE1E470F1A7B43E348ADB LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:33:53.0431 4552  LanmanWorkstation ok
17:33:53.0448 4552  96ECE2659B6654C10A0C310AE3A6D02C lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:33:53.0494 4552  lltdio ok
17:33:53.0519 4552  961CCBD0B1CCB5675D64976FAE37D092 lltdsvc         C:\Windows\System32\lltdsvc.dll
17:33:53.0576 4552  lltdsvc ok
17:33:53.0595 4552  A47F8080CACC23C91FE823AD19AA5612 lmhosts         C:\Windows\System32\lmhsvc.dll
17:33:53.0647 4552  lmhosts ok
17:33:53.0669 4552  ACBE1AF32D3123E330A07BFBC5EC4A9B LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:33:53.0694 4552  LSI_FC ok
17:33:53.0707 4552  799FFB2FC4729FA46D2157C0065B3525 LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:33:53.0724 4552  LSI_SAS ok
17:33:53.0736 4552  F445FF1DAAD8A226366BFAF42551226B LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:33:53.0753 4552  LSI_SCSI ok
17:33:53.0771 4552  52F87B9CC8932C2A7375C3B2A9BE5E3E luafv           C:\Windows\system32\drivers\luafv.sys
17:33:53.0826 4552  luafv ok
17:33:53.0851 4552  92EB844D90615CB266F84C3202B8786E MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:33:53.0864 4552  MBAMProtector ok
17:33:53.0887 4552  1ACAA67676E9E7BDA5E0C41B6E0DECAF MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:33:53.0905 4552  MBAMScheduler - ok
17:33:53.0927 4552  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:33:53.0964 4552  MBAMService ok
17:33:53.0990 4552  76A58DF02BD4EA29F189B82D0BEF17F8 Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:33:54.0008 4552  Mcx2Svc ok
17:33:54.0036 4552  5C5CD6AACED32FB26C3FB34B3DCF972F megasas         C:\Windows\system32\drivers\megasas.sys
17:33:54.0052 4552  megasas ok
17:33:54.0081 4552  859BC2436B076C77C159ED694ACFE8F8 MegaSR          C:\Windows\system32\drivers\megasr.sys
17:33:54.0107 4552  MegaSR ok
17:33:54.0136 4552  624D717B11E5004F68442B5740F17F21 mferkdk         C:\Windows\system32\drivers\mferkdk.sys
17:33:54.0149 4552  mferkdk ok
17:33:54.0186 4552  0CD9DE7B96735F33F078C4EA044E8B34 mfesmfk         C:\Windows\system32\drivers\mfesmfk.sys
17:33:54.0198 4552  mfesmfk ok
17:33:54.0211 4552  3CBE4995E80E13CCFBC42E5DCF3AC81A MMCSS           C:\Windows\system32\mmcss.dll
17:33:54.0260 4552  MMCSS ok
17:33:54.0278 4552  59848D5CC74606F0EE7557983BB73C2E Modem           C:\Windows\system32\drivers\modem.sys
17:33:54.0329 4552  Modem ok
17:33:54.0367 4552  C247CC2A57E0A0C8C6DCCF7807B3E9E5 monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:33:54.0418 4552  monitor ok
17:33:54.0441 4552  9367304E5E412B120CF5F4EA14E4E4F1 mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:33:54.0456 4552  mouclass ok
17:33:54.0476 4552  C2C2BD5C5CE5AAF786DDD74B75D2AC69 mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:33:54.0515 4552  mouhid ok
17:33:54.0526 4552  11BC9B1E8801B01F7F6ADB9EAD30019B MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:33:54.0542 4552  MountMgr ok
17:33:54.0589 4552  5C5E45DDABEFBC9F564F1D5C83258B8F MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:33:54.0606 4552  MozillaMaintenance ok
17:33:54.0632 4552  F8276EB8698142884498A528DFEA8478 mpio            C:\Windows\system32\drivers\mpio.sys
17:33:54.0650 4552  mpio ok
17:33:54.0667 4552  C92B9ABDB65A5991E00C28F13491DBA2 mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:33:54.0704 4552  mpsdrv ok
17:33:54.0747 4552  897E3BAF68BA406A61682AE39C83900C MpsSvc          C:\Windows\system32\mpssvc.dll
17:33:54.0791 4552  MpsSvc ok
17:33:54.0806 4552  3C200630A89EF2C0864D515B7A75802E Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:33:54.0832 4552  Mraid35x ok
17:33:54.0850 4552  7C1DE4AA96DC0C071611F9E7DE02A68D MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:33:54.0876 4552  MRxDAV ok
17:33:54.0893 4552  1485811B320FF8C7EDAD1CAEBB1C6C2B mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:54.0924 4552  mrxsmb ok
17:33:54.0954 4552  3B929A60C833FC615FD97FBA82BC7632 mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:54.0998 4552  mrxsmb10 ok
17:33:55.0003 4552  C64AB3E1F53B4F5B5BB6D796B2D7BEC3 mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:55.0032 4552  mrxsmb20 ok
17:33:55.0057 4552  AA459F2AB3AB603C357FF117CAE3D818 msahci          C:\Windows\system32\drivers\msahci.sys
17:33:55.0074 4552  msahci ok
17:33:55.0092 4552  264BBB4AAF312A485F0E44B65A6B7202 msdsm           C:\Windows\system32\drivers\msdsm.sys
17:33:55.0109 4552  msdsm ok
17:33:55.0133 4552  7EC02CE772F068ED0BEAFA3DA341A9BC MSDTC           C:\Windows\System32\msdtc.exe
17:33:55.0181 4552  MSDTC ok
17:33:55.0190 4552  704F59BFC4512D2BB0146AEC31B10A7C Msfs            C:\Windows\system32\drivers\Msfs.sys
17:33:55.0236 4552  Msfs ok
17:33:55.0253 4552  00EBC952961664780D43DCA157E79B27 msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:33:55.0269 4552  msisadrv ok
17:33:55.0285 4552  366B0C1F4478B519C181E37D43DCDA32 MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:33:55.0336 4552  MSiSCSI ok
17:33:55.0340 4552  msiserver ok
17:33:55.0361 4552  0EA73E498F53B96D83DBFCA074AD4CF8 MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:33:55.0408 4552  MSKSSRV ok
17:33:55.0420 4552  52E59B7E992A58E740AA63F57EDBAE8B MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:55.0457 4552  MSPCLOCK ok
17:33:55.0469 4552  49084A75BAE043AE02D5B44D02991BB2 MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:33:55.0504 4552  MSPQM ok
17:33:55.0525 4552  DC6CCF440CDEDE4293DB41C37A5060A5 MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:33:55.0545 4552  MsRPC ok
17:33:55.0561 4552  855796E59DF77EA93AF46F20155BF55B mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:33:55.0574 4552  mssmbios ok
17:33:55.0589 4552  86D632D75D05D5B7C7C043FA3564AE86 MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:33:55.0635 4552  MSTEE ok
17:33:55.0658 4552  6936198F2CC25B39CF5262436C80DF46 MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
17:33:55.0670 4552  MTsensor ok
17:33:55.0683 4552  0CC49F78D8ACA0877D885F149084E543 Mup             C:\Windows\system32\Drivers\mup.sys
17:33:55.0698 4552  Mup ok
17:33:55.0715 4552  A5B10C845E7538C60C0F5D87A57CB3F5 napagent        C:\Windows\system32\qagentRT.dll
17:33:55.0765 4552  napagent ok
17:33:55.0798 4552  2007B826C4ACD94AE32232B41F0842B9 NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:33:55.0825 4552  NativeWifiP ok
17:33:55.0863 4552  65950E07329FCEE8E6516B17C8D0ABB6 NDIS            C:\Windows\system32\drivers\ndis.sys
17:33:55.0914 4552  NDIS ok
17:33:55.0918 4552  64DF698A425478E321981431AC171334 NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:55.0956 4552  NdisTapi ok
17:33:55.0974 4552  8BAA43196D7B5BB972C9A6B2BBF61A19 Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:56.0027 4552  Ndisuio ok
17:33:56.0044 4552  F8158771905260982CE724076419EF19 NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:56.0086 4552  NdisWan ok
17:33:56.0101 4552  9CB77ED7CB72850253E973A2D6AFDF49 NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:33:56.0135 4552  NDProxy ok
17:33:56.0140 4552  A499294F5029A7862ADC115BDA7371CE NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:33:56.0179 4552  NetBIOS ok
17:33:56.0197 4552  FC2C792EBDDC8E28DF939D6A92C83D61 netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:33:56.0237 4552  netbt ok
17:33:56.0248 4552  260BF9C43EE12C6898A9F5AAB0FB0E5D Netlogon        C:\Windows\system32\lsass.exe
17:33:56.0266 4552  Netlogon ok
17:33:56.0288 4552  9B63B29DEFC0F3115A559D2597BF5D75 Netman          C:\Windows\System32\netman.dll
17:33:56.0357 4552  Netman ok
17:33:56.0380 4552  7846D0136CC2B264926A73047BA7688A netprofm        C:\Windows\System32\netprofm.dll
17:33:56.0426 4552  netprofm ok
17:33:56.0462 4552  7D536AACB9329FE4B21C1870E3410BA6 netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
17:33:56.0495 4552  netr28ux ok
17:33:56.0509 4552  74751DDA198165947FD7454D83F49825 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:33:56.0524 4552  NetTcpPortSharing ok
17:33:56.0536 4552  4AC08BD6AF2DF42E0C3196D826C8AEA7 nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:33:56.0551 4552  nfrd960 ok
17:33:56.0558 4552  F145BF4C4668E7E312069F81EF847CFC NlaSvc          C:\Windows\System32\nlasvc.dll
17:33:56.0611 4552  NlaSvc ok
17:33:56.0621 4552  B298874F8E0EA93F06EC40AA8D146478 Npfs            C:\Windows\system32\drivers\Npfs.sys
17:33:56.0650 4552  Npfs ok
17:33:56.0661 4552  npggsvc ok
17:33:56.0667 4552  NPPTNT2 ok
17:33:56.0692 4552  ACB62BAA1C319B17752553DF3026EEEB nsi             C:\Windows\system32\nsisvc.dll
17:33:56.0730 4552  nsi ok
17:33:56.0734 4552  1523AF19EE8B030BA682F7A53537EAEB nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:33:56.0775 4552  nsiproxy ok
17:33:56.0817 4552  BAC869DFB98E499BA4D9BB1FB43270E1 Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:33:56.0884 4552  Ntfs ok
17:33:56.0888 4552  DD5D684975352B85B52E3FD5347C20CB Null            C:\Windows\system32\drivers\Null.sys
17:33:56.0949 4552  Null ok
17:33:57.0182 4552  5104BAC2DA2A5BDD86AC6B0708B00F06 nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:33:57.0561 4552  nvlddmkm ok
17:33:57.0577 4552  2C040B7ADA5B06F6FACADAC8514AA034 nvraid          C:\Windows\system32\drivers\nvraid.sys
17:33:57.0592 4552  nvraid ok
17:33:57.0608 4552  F7EA0FE82842D05EDA3EFDD376DBFDBA nvstor          C:\Windows\system32\drivers\nvstor.sys
17:33:57.0622 4552  nvstor ok
17:33:57.0664 4552  DDFAFCE89A5C93D04712B86F94E9FCBA nvsvc           C:\Windows\system32\nvvsvc.exe
17:33:57.0715 4552  nvsvc ok
17:33:57.0773 4552  84E035225474E48CD3A6A3CE52332095 nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:33:57.0823 4552  nvUpdatusService ok
17:33:57.0839 4552  19067CA93075EF4823E3938A686F532F nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:33:57.0855 4552  nv_agp ok
17:33:57.0859 4552  NwlnkFlt ok
17:33:57.0864 4552  NwlnkFwd ok
17:33:57.0893 4552  B5B1CE65AC15BBD11C0619E3EF7CFC28 ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:33:57.0926 4552  ohci1394 ok
17:33:57.0961 4552  9AE31D2E1D15C10D91318E0EC149CEAC p2pimsvc        C:\Windows\system32\p2psvc.dll
17:33:58.0033 4552  p2pimsvc ok
17:33:58.0045 4552  9AE31D2E1D15C10D91318E0EC149CEAC p2psvc          C:\Windows\system32\p2psvc.dll
17:33:58.0097 4552  p2psvc ok
17:33:58.0112 4552  AECD57F94C887F58919F307C35498EA0 Parport         C:\Windows\system32\drivers\parport.sys
17:33:58.0174 4552  Parport ok
17:33:58.0194 4552  B43751085E2ABE389DA466BC62A4B987 partmgr         C:\Windows\system32\drivers\partmgr.sys
17:33:58.0209 4552  partmgr ok
17:33:58.0227 4552  9AB157B374192FF276C1628FBDBA2B0E PcaSvc          C:\Windows\System32\pcasvc.dll
17:33:58.0245 4552  PcaSvc ok
17:33:58.0268 4552  81B5E63131090879AD6EF9F32109B88D pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:33:58.0282 4552  pccsmcfd ok
17:33:58.0307 4552  47AB1E0FC9D0E12BB53BA246E3A0906D pci             C:\Windows\system32\drivers\pci.sys
17:33:58.0323 4552  pci ok
17:33:58.0342 4552  2657F6C0B78C36D95034BE109336E382 pciide          C:\Windows\system32\drivers\pciide.sys
17:33:58.0356 4552  pciide ok
17:33:58.0372 4552  037661F3D7C507C9993B7010CEEE6288 pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:33:58.0388 4552  pcmcia ok
17:33:58.0413 4552  58865916F53592A61549B04941BFD80D PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:33:58.0487 4552  PEAUTH ok
17:33:58.0532 4552  0ED8727EA0172860F47258456C06CAEA PerfHost        C:\Windows\SysWow64\perfhost.exe
17:33:58.0577 4552  PerfHost ok
17:33:58.0619 4552  E9E68C1A0F25CF4A7AC966EEA74EE89E pla             C:\Windows\system32\pla.dll
17:33:58.0692 4552  pla ok
17:33:58.0720 4552  FE6B0F59215C9FD9F9D26539C58C8B82 PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:33:58.0757 4552  PlugPlay ok
17:33:58.0762 4552  PnkBstrA ok
17:33:58.0778 4552  9AE31D2E1D15C10D91318E0EC149CEAC PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:33:58.0822 4552  PNRPAutoReg ok
17:33:58.0834 4552  9AE31D2E1D15C10D91318E0EC149CEAC PNRPsvc         C:\Windows\system32\p2psvc.dll
17:33:58.0864 4552  PNRPsvc ok
17:33:58.0885 4552  89A5560671C2D8B4A4B51F3E1AA069D8 PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:33:58.0927 4552  PolicyAgent ok
17:33:58.0961 4552  23386E9952025F5F21C368971E2E7301 PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:33:58.0998 4552  PptpMiniport ok
17:33:59.0013 4552  5080E59ECEE0BC923F14018803AA7A01 Processor       C:\Windows\system32\drivers\processr.sys
17:33:59.0058 4552  Processor ok
17:33:59.0085 4552  E058CE4FC2449D8BFA14739C83B7FF2A ProfSvc         C:\Windows\system32\profsvc.dll
17:33:59.0126 4552  ProfSvc ok
17:33:59.0134 4552  260BF9C43EE12C6898A9F5AAB0FB0E5D ProtectedStorage C:\Windows\system32\lsass.exe
17:33:59.0153 4552  ProtectedStorage ok
17:33:59.0189 4552  C5AB7F0809392D0DA027F4A2A81BFA31 PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:33:59.0221 4552  PSched ok
17:33:59.0250 4552  0B83F4E681062F3839BE2EC1D98FD94A ql2300          C:\Windows\system32\drivers\ql2300.sys
17:33:59.0306 4552  ql2300 ok
17:33:59.0319 4552  E1C80F8D4D1E39EF9595809C1369BF2A ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:33:59.0334 4552  ql40xx ok
17:33:59.0358 4552  90574842C3DA781E279061A3EFF91F07 QWAVE           C:\Windows\system32\qwave.dll
17:33:59.0390 4552  QWAVE ok
17:33:59.0403 4552  E8D76EDAB77EC9C634C27B8EAC33ADC5 QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:33:59.0423 4552  QWAVEdrv ok
17:33:59.0433 4552  1013B3B663A56D3DDD784F581C1BD005 RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:33:59.0481 4552  RasAcd ok
17:33:59.0508 4552  B2AE18F847D07F0044404DDF7CB04497 RasAuto         C:\Windows\System32\rasauto.dll
17:33:59.0550 4552  RasAuto ok
17:33:59.0558 4552  AC7BC4D42A7E558718DFDEC599BBFC2C Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:33:59.0587 4552  Rasl2tp ok
17:33:59.0609 4552  3AD83E4046C43BE510DE681588ACB8AF RasMan          C:\Windows\System32\rasmans.dll
17:33:59.0644 4552  RasMan ok
17:33:59.0661 4552  4517FBF8B42524AFE4EDE1DE102AAE3E RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:33:59.0694 4552  RasPppoe ok
17:33:59.0699 4552  C6A593B51F34C33E5474539544072527 RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:33:59.0723 4552  RasSstp ok
17:33:59.0737 4552  322DB5C6B55E8D8EE8D6F358B2AAABB1 rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:33:59.0767 4552  rdbss ok
17:33:59.0771 4552  603900CC05F6BE65CCBF373800AF3716 RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:33:59.0806 4552  RDPCDD ok
17:33:59.0825 4552  C045D1FB111C28DF0D1BE8D4BDA22C06 rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:33:59.0873 4552  rdpdr ok
17:33:59.0877 4552  CAB9421DAF3D97B33D0D055858E2C3AB RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:33:59.0914 4552  RDPENCDD ok
17:33:59.0943 4552  AE4BD9E1C33D351D8E607FC81F15160C RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:33:59.0974 4552  RDPWD ok
17:33:59.0990 4552  C612B9557DA73F70D41F8A6FBC8E5344 RemoteAccess    C:\Windows\System32\mprdim.dll
17:34:00.0032 4552  RemoteAccess ok
17:34:00.0044 4552  44B9D8EC2F3EF3A0EFB00857AF70D861 RemoteRegistry  C:\Windows\system32\regsvc.dll
17:34:00.0081 4552  RemoteRegistry ok
17:34:00.0103 4552  F46C457840D4B7A4DAAFEE739CE04102 RpcLocator      C:\Windows\system32\locator.exe
17:34:00.0119 4552  RpcLocator ok
17:34:00.0148 4552  CF8B9A3A5E7DC57724A89D0C3E8CF9EF RpcSs           C:\Windows\system32\rpcss.dll
17:34:00.0185 4552  RpcSs ok
17:34:00.0196 4552  22A9CB08B1A6707C1550C6BF099AAE73 rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:34:00.0236 4552  rspndr ok
17:34:00.0254 4552  260BF9C43EE12C6898A9F5AAB0FB0E5D SamSs           C:\Windows\system32\lsass.exe
17:34:00.0272 4552  SamSs ok
17:34:00.0286 4552  CD9C693589C60AD59BBBCFB0E524E01B sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:34:00.0300 4552  sbp2port ok
17:34:00.0331 4552  FD1CDCF108D5EF3366F00D18B70FB89B SCardSvr        C:\Windows\System32\SCardSvr.dll
17:34:00.0370 4552  SCardSvr ok
17:34:00.0404 4552  0F838C811AD295D2A4489B9993096C63 Schedule        C:\Windows\system32\schedsvc.dll
17:34:00.0470 4552  Schedule ok
17:34:00.0486 4552  5A268127633C7EE2A7FB87F39D748D56 SCPolicySvc     C:\Windows\System32\certprop.dll
17:34:00.0513 4552  SCPolicySvc ok
17:34:00.0539 4552  4FF71B076A7760FE75EA5AE2D0EE0018 SDRSVC          C:\Windows\System32\SDRSVC.dll
17:34:00.0565 4552  SDRSVC ok
17:34:00.0583 4552  3EA8A16169C26AFBEB544E0E48421186 secdrv          C:\Windows\system32\drivers\secdrv.sys
17:34:00.0640 4552  secdrv ok
17:34:00.0658 4552  5ACDCBC67FCF894A1815B9F96D704490 seclogon        C:\Windows\system32\seclogon.dll
17:34:00.0714 4552  seclogon ok
17:34:00.0728 4552  90973A64B96CD647FF81C79443618EED SENS            C:\Windows\System32\sens.dll
17:34:00.0781 4552  SENS ok
17:34:00.0803 4552  2449316316411D65BD2C761A6FFB2CE2 Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:34:00.0850 4552  Serenum ok
17:34:00.0868 4552  4B438170BE2FC8E0BD35EE87A960F84F Serial          C:\Windows\system32\DRIVERS\serial.sys
17:34:00.0916 4552  Serial ok
17:34:00.0941 4552  A842F04833684BCEEA7336211BE478DF sermouse        C:\Windows\system32\drivers\sermouse.sys
17:34:01.0003 4552  sermouse ok
17:34:01.0039 4552  9D38320BB32230349379DF5DDBBF7FCE ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:34:01.0072 4552  ServiceLayer UnsignedFile.Multi.Generic ) - warning
17:34:01.0072 4552  ServiceLayer detected UnsignedFile.Multi.Generic (1)
17:34:01.0096 4552  A8E4A4407A09F35DCCC3771AF590B0C4 SessionEnv      C:\Windows\system32\sessenv.dll
17:34:01.0139 4552  SessionEnv ok
17:34:01.0161 4552  14D4B4465193A87C127933978E8C4106 sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:34:01.0221 4552  sffdisk ok
17:34:01.0235 4552  7073AEE3F82F3D598E3825962AA98AB2 sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:34:01.0271 4552  sffp_mmc ok
17:34:01.0282 4552  35E59EBE4A01A0532ED67975161C7B82 sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:34:01.0323 4552  sffp_sd ok
17:34:01.0339 4552  6B7838C94135768BD455CBDC23E39E5F sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:34:01.0387 4552  sfloppy ok
17:34:01.0422 4552  4C5AEE179DA7E1EE9A9CCB9DA289AF34 SharedAccess    C:\Windows\System32\ipnathlp.dll
17:34:01.0475 4552  SharedAccess ok
17:34:01.0502 4552  56793271ECDEDD350C5ADD305603E963 ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:01.0523 4552  ShellHWDetection ok
17:34:01.0537 4552  7A5DE502AEB719D4594C6471060A78B3 SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:34:01.0552 4552  SiSRaid2 ok
17:34:01.0563 4552  3A2F769FAB9582BC720E11EA1DFB184D SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:34:01.0577 4552  SiSRaid4 ok
17:34:01.0709 4552  388AE59FE75F1B959DFA0900923C61BB Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:34:01.0786 4552  Skype C2C Service ok
17:34:01.0842 4552  F07AF60B152221472FBDB2FECEC4896D SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:01.0856 4552  SkypeUpdate ok
17:34:01.0910 4552  A9A27A8E257B45A604FDAD4F26FE7241 slsvc           C:\Windows\system32\SLsvc.exe
17:34:02.0064 4552  slsvc ok
17:34:02.0084 4552  FD74B4B7C2088E390A30C85A896FC3AF SLUINotify      C:\Windows\system32\SLUINotify.dll
17:34:02.0118 4552  SLUINotify ok
17:34:02.0140 4552  290B6F6A0EC4FCDFC90F5CB6D7020473 Smb             C:\Windows\system32\DRIVERS\smb.sys
17:34:02.0176 4552  Smb ok
17:34:02.0199 4552  F8F47F38909823B1AF28D60B96340CFF SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:34:02.0226 4552  SNMPTRAP ok
17:34:02.0246 4552  386C3C63F00A7040C7EC5E384217E89D spldr           C:\Windows\system32\drivers\spldr.sys
17:34:02.0262 4552  spldr ok
17:34:02.0287 4552  F66FF751E7EFC816D266977939EF5DC3 Spooler         C:\Windows\System32\spoolsv.exe
17:34:02.0312 4552  Spooler ok
17:34:02.0343 4552  880A57FCCB571EBD063D4DD50E93E46D srv             C:\Windows\system32\DRIVERS\srv.sys
17:34:02.0400 4552  srv ok
17:34:02.0426 4552  A1AD14A6D7A37891FFFECA35EBBB0730 srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:34:02.0451 4552  srv2 ok
17:34:02.0474 4552  4BED62F4FA4D8300973F1151F4C4D8A7 srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:34:02.0493 4552  srvnet ok
17:34:02.0510 4552  192C74646EC5725AEF3F80D19FF75F6A SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:34:02.0559 4552  SSDPSRV ok
17:34:02.0588 4552  2EE3FA0308E6185BA64A9A7F2E74332B SstpSvc         C:\Windows\system32\sstpsvc.dll
17:34:02.0618 4552  SstpSvc ok
17:34:02.0654 4552  B13695429E5C0832403F6DFC14E0293F ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
17:34:02.0668 4552  ss_bbus ok
17:34:02.0683 4552  02AEC2E12740FFD5602D52FB074E06D1 ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
17:34:02.0695 4552  ss_bmdfl ok
17:34:02.0714 4552  D8A587160188EFBEB0CF9E630E7926A6 ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
17:34:02.0729 4552  ss_bmdm ok
17:34:02.0781 4552  Steam Client Service ok
17:34:02.0818 4552  F0359F7CE712D69ACEF0886BDB4792ED Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:34:02.0858 4552  Stereo Service ok
17:34:02.0892 4552  15825C1FBFB8779992CB65087F316AF5 stisvc          C:\Windows\System32\wiaservc.dll
17:34:02.0955 4552  stisvc ok
17:34:02.0974 4552  8A851CA908B8B974F89C50D2E18D4F0C swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:34:02.0988 4552  swenum ok
17:34:03.0015 4552  6DE37F4DE19D4EFD9C48C43ADDBC949A swprv           C:\Windows\System32\swprv.dll
17:34:03.0093 4552  swprv ok
17:34:03.0109 4552  2F26A2C6FC96B29BEFF5D8ED74E6625B Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:34:03.0124 4552  Symc8xx ok
17:34:03.0139 4552  A909667976D3BCCD1DF813FED517D837 Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:34:03.0154 4552  Sym_hi ok
17:34:03.0168 4552  36887B56EC2D98B9C362F6AE4DE5B7B0 Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:34:03.0183 4552  Sym_u3 ok
17:34:03.0225 4552  92D7A8B0F87B036F17D25885937897A6 SysMain         C:\Windows\system32\sysmain.dll
17:34:03.0294 4552  SysMain ok
17:34:03.0323 4552  005CE42567F9113A3BCCB3B20073B029 TabletInputService C:\Windows\System32\TabSvc.dll
17:34:03.0391 4552  TabletInputService ok
17:34:03.0424 4552  CC2562B4D55E0B6A4758C65407F63B79 TapiSrv         C:\Windows\System32\tapisrv.dll
17:34:03.0468 4552  TapiSrv ok
17:34:03.0491 4552  TBPanel ok
17:34:03.0502 4552  CDBE8D7C1E201B911CDC346D06617FB5 TBS             C:\Windows\System32\tbssvc.dll
17:34:03.0543 4552  TBS ok
17:34:03.0581 4552  0E970F59D7FBB838316176B19A2ADB82 Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:34:03.0636 4552  Tcpip ok
17:34:03.0656 4552  0E970F59D7FBB838316176B19A2ADB82 Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:34:03.0705 4552  Tcpip6 ok
17:34:03.0732 4552  C7E72A4071EE0200E3C075DACFB2B334 tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:34:03.0758 4552  tcpipreg ok
17:34:03.0774 4552  1D8BF4AAA5FB7A2761475781DC1195BC TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:34:03.0819 4552  TDPIPE ok
17:34:03.0834 4552  7F7E00CDF609DF657F4CDA02DD1C9BB1 TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:34:03.0886 4552  TDTCP ok
17:34:03.0901 4552  458919C8C42E398DC4802178D5FFEE27 tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:34:03.0945 4552  tdx ok
17:34:03.0962 4552  8C19678D22649EC002EF2282EAE92F98 TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:34:03.0979 4552  TermDD ok
17:34:04.0019 4552  5CDD30BC217082DAC71A9878D9BFD566 TermService     C:\Windows\System32\termsrv.dll
17:34:04.0093 4552  TermService ok
17:34:04.0098 4552  TFsExDisk ok
17:34:04.0123 4552  56793271ECDEDD350C5ADD305603E963 Themes          C:\Windows\system32\shsvcs.dll
17:34:04.0144 4552  Themes ok
17:34:04.0154 4552  3CBE4995E80E13CCFBC42E5DCF3AC81A THREADORDER     C:\Windows\system32\mmcss.dll
17:34:04.0192 4552  THREADORDER ok
17:34:04.0214 4552  F4689F05AF472A651A7B1B7B02D200E7 TrkWks          C:\Windows\System32\trkwks.dll
17:34:04.0260 4552  TrkWks ok
17:34:04.0303 4552  66328B08EF5A9305D8EDE36B93930369 TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:34:04.0340 4552  TrustedInstaller ok
17:34:04.0357 4552  9E5409CD17C8BEF193AAD498F3BC2CB8 tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:04.0395 4552  tssecsrv ok
17:34:04.0408 4552  89EC74A9E602D16A75A4170511029B3C tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
17:34:04.0425 4552  tunmp ok
17:34:04.0461 4552  30A9B3F45AD081BFFC3BCAA9C812B609 tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:34:04.0478 4552  tunnel ok
17:34:04.0492 4552  FEC266EF401966311744BD0F359F7F56 uagp35          C:\Windows\system32\drivers\uagp35.sys
17:34:04.0508 4552  uagp35 ok
17:34:04.0537 4552  FAF2640A2A76ED03D449E443194C4C34 udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:34:04.0571 4552  udfs ok
17:34:04.0580 4552  060507C4113391394478F6953A79EEDC UI0Detect       C:\Windows\system32\UI0Detect.exe
17:34:04.0622 4552  UI0Detect ok
17:34:04.0635 4552  4EC9447AC3AB462647F60E547208CA00 uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:34:04.0652 4552  uliagpkx ok
17:34:04.0680 4552  697F0446134CDC8F99E69306184FBBB4 uliahci         C:\Windows\system32\drivers\uliahci.sys
17:34:04.0701 4552  uliahci ok
17:34:04.0720 4552  31707F09846056651EA2C37858F5DDB0 UlSata          C:\Windows\system32\drivers\ulsata.sys
17:34:04.0737 4552  UlSata ok
17:34:04.0752 4552  85E5E43ED5B48C8376281BAB519271B7 ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:34:04.0770 4552  ulsata2 ok
17:34:04.0789 4552  46E9A994C4FED537DD951F60B86AD3F4 umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:34:04.0827 4552  umbus ok
17:34:04.0857 4552  7093799FF80E9DECA0680D2E3535BE60 upnphost        C:\Windows\System32\upnphost.dll
17:34:04.0912 4552  upnphost ok
17:34:04.0937 4552  43228F8EDD1B0BCDD3145AD246E63D39 USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:34:04.0968 4552  USBAAPL64 ok
17:34:05.0013 4552  07E3498FC60834219D2356293DA0FECC usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:05.0042 4552  usbccgp ok
17:34:05.0051 4552  9247F7E0B65852C1F6631480984D6ED2 usbcir          C:\Windows\system32\drivers\usbcir.sys
17:34:05.0116 4552  usbcir ok
17:34:05.0121 4552  827E44DE934A736EA31E91D353EB126F usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:34:05.0162 4552  usbehci ok
17:34:05.0187 4552  BB35CD80A2ECECFADC73569B3D70C7D1 usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:34:05.0232 4552  usbhub ok
17:34:05.0251 4552  EBA14EF0C07CEC233F1529C698D0D154 usbohci         C:\Windows\system32\drivers\usbohci.sys
17:34:05.0320 4552  usbohci ok
17:34:05.0336 4552  ACFEE697AF477021BB3EC78C5431FED2 usbprint        C:\Windows\system32\drivers\usbprint.sys
17:34:05.0388 4552  usbprint ok
17:34:05.0407 4552  B854C1558FCA0C269A38663E8B59B581 USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:05.0433 4552  USBSTOR ok
17:34:05.0441 4552  B2872CBF9F47316ABD0E0C74A1ABA507 usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:34:05.0466 4552  usbuhci ok
17:34:05.0476 4552  D76E231E4850BB3F88A3D9A78DF191E3 UxSms           C:\Windows\System32\uxsms.dll
17:34:05.0504 4552  UxSms ok
17:34:05.0534 4552  294945381DFA7CE58CECF0A9896AF327 vds             C:\Windows\System32\vds.exe
17:34:05.0583 4552  vds ok
17:34:05.0607 4552  916B94BCF1E09873FFF2D5FB11767BBC vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:05.0639 4552  vga ok
17:34:05.0654 4552  B83AB16B51FEDA65DD81B8C59D114D63 VgaSave         C:\Windows\System32\drivers\vga.sys
17:34:05.0687 4552  VgaSave ok
17:34:05.0706 4552  8294B6C3FDB6C33F24E150DE647ECDAA viaide          C:\Windows\system32\drivers\viaide.sys
17:34:05.0719 4552  viaide ok
17:34:05.0739 4552  2B7E885ED951519A12C450D24535DFCA volmgr          C:\Windows\system32\drivers\volmgr.sys
17:34:05.0754 4552  volmgr ok
17:34:05.0789 4552  CEC5AC15277D75D9E5DEC2E1C6EAF877 volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:34:05.0812 4552  volmgrx ok
17:34:05.0834 4552  582F710097B46140F5A89A19A6573D4B volsnap         C:\Windows\system32\drivers\volsnap.sys
17:34:05.0853 4552  volsnap ok
17:34:05.0874 4552  A68F455ED2673835209318DD61BFBB0E vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:34:05.0889 4552  vsmraid ok
17:34:05.0931 4552  B75232DAD33BFD95BF6F0A3E6BFF51E1 VSS             C:\Windows\system32\vssvc.exe
17:34:05.0996 4552  VSS ok
17:34:06.0023 4552  F14A7DE2EA41883E250892E1E5230A9A W32Time         C:\Windows\system32\w32time.dll
17:34:06.0094 4552  W32Time ok
17:34:06.0116 4552  FEF8FE5923FEAD2CEE4DFABFCE3393A7 WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:34:06.0179 4552  WacomPen ok
17:34:06.0188 4552  B8E7049622300D20BA6D8BE0C47C0CFD Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:34:06.0222 4552  Wanarp ok
17:34:06.0225 4552  B8E7049622300D20BA6D8BE0C47C0CFD Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:34:06.0254 4552  Wanarpv6 ok
17:34:06.0274 4552  B4E4C37D0AA6100090A53213EE2BF1C1 wcncsvc         C:\Windows\System32\wcncsvc.dll
17:34:06.0331 4552  wcncsvc ok
17:34:06.0353 4552  EA4B369560E986F19D93F45A881484AC WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:34:06.0388 4552  WcsPlugInService ok
17:34:06.0408 4552  0C17A0816F65B89E362E682AD5E7266E Wd              C:\Windows\system32\drivers\wd.sys
17:34:06.0421 4552  Wd ok
17:34:06.0461 4552  442783E2CB0DA19873B7A63833FF4CB4 Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:34:06.0495 4552  Wdf01000 ok
17:34:06.0508 4552  C5EFDA73EBFCA8B02A094898DE0A9276 WdiServiceHost  C:\Windows\system32\wdi.dll
17:34:06.0545 4552  WdiServiceHost ok
17:34:06.0549 4552  C5EFDA73EBFCA8B02A094898DE0A9276 WdiSystemHost   C:\Windows\system32\wdi.dll
17:34:06.0590 4552  WdiSystemHost ok
17:34:06.0602 4552  3E6D05381CF35F75EBB055544A8ED9AC WebClient       C:\Windows\System32\webclnt.dll
17:34:06.0634 4552  WebClient ok
17:34:06.0647 4552  WebOptimizer ok
17:34:06.0674 4552  8D40BC587993F876658BF9FB0F7D3462 Wecsvc          C:\Windows\system32\wecsvc.dll
17:34:06.0706 4552  Wecsvc ok
17:34:06.0719 4552  9C980351D7E96288EA0C23AE232BD065 wercplsupport   C:\Windows\System32\wercplsupport.dll
17:34:06.0752 4552  wercplsupport ok
17:34:06.0760 4552  66B9ECEBC46683F47EDC06333C075FEF WerSvc          C:\Windows\System32\WerSvc.dll
17:34:06.0799 4552  WerSvc ok
17:34:06.0814 4552  WinDefend ok
17:34:06.0820 4552  WinHttpAutoProxySvc ok
17:34:06.0857 4552  D2E7296ED1BD26D8DB2799770C077A02 Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:34:06.0899 4552  Winmgmt ok
17:34:06.0951 4552  6CBB0C68F13B9C2EC1B16F5FA5E7C869 WinRM           C:\Windows\system32\WsmSvc.dll
17:34:07.0041 4552  WinRM ok
17:34:07.0084 4552  EC339C8115E91BAED835957E9A677F16 Wlansvc         C:\Windows\System32\wlansvc.dll
17:34:07.0130 4552  Wlansvc ok
17:34:07.0230 4552  98F138897EF4246381D197CB81846D62 wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:34:07.0319 4552  wlidsvc ok
17:34:07.0341 4552  E18AEBAAA5A773FE11AA2C70F65320F5 WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:34:07.0385 4552  WmiAcpi ok
17:34:07.0394 4552  21FA389E65A852698B6A1341F36EE02D wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:34:07.0428 4552  wmiApSrv ok
17:34:07.0440 4552  WMPNetworkSvc ok
17:34:07.0467 4552  CBC156C913F099E6680D1DF9307DB7A8 WPCSvc          C:\Windows\System32\wpcsvc.dll
17:34:07.0498 4552  WPCSvc ok
17:34:07.0522 4552  490A18B4E4D53DC10879DEAA8E8B70D9 WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:34:07.0543 4552  WPDBusEnum ok
17:34:07.0570 4552  5E2401B3FC1089C90E081291357371A9 WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:34:07.0587 4552  WpdUsb ok
17:34:07.0696 4552  991E2C2CF3BC204C2BB2EE1476149E4E WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:34:07.0763 4552  WPFFontCache_v0400 ok
17:34:07.0781 4552  8A900348370E359B6BFF6A550E4649E1 ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:34:07.0832 4552  ws2ifsl ok
17:34:07.0854 4552  9EA3E6D0EF7A5C2B9181961052A4B01A wscsvc          C:\Windows\System32\wscsvc.dll
17:34:07.0876 4552  wscsvc ok
17:34:07.0880 4552  WSearch ok
17:34:07.0958 4552  D9EF901DCA379CFE914E9FA13B73B4C4 wuauserv        C:\Windows\system32\wuaueng.dll
17:34:08.0067 4552  wuauserv ok
17:34:08.0101 4552  AB886378EEB55C6C75B4F2D14B6C869F WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:34:08.0126 4552  WudfPf ok
17:34:08.0146 4552  DDA4CAF29D8C0A297F886BFE561E6659 WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:08.0184 4552  WUDFRd ok
17:34:08.0189 4552  B20F051B03A966392364C83F009F7D17 wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:34:08.0222 4552  wudfsvc ok
17:34:08.0298 4552  X6va002 ok
17:34:08.0309 4552  X6va005 ok
17:34:08.0351 4552  ================ Scan global ===============================
17:34:08.0375 4552  060DC3A7A9A2626031EB23D90151428D C:\Windows\system32\basesrv.dll
17:34:08.0401 4552  AA137104CDFC81818A309CDE32ABB74A C:\Windows\system32\winsrv.dll
17:34:08.0418 4552  AA137104CDFC81818A309CDE32ABB74A C:\Windows\system32\winsrv.dll
17:34:08.0444 4552  934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\system32\services.exe
17:34:08.0450 4552  [Global] - ok
17:34:08.0451 4552  ================ Scan MBR ==================================
17:34:08.0464 4552  5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:34:08.0892 4552  \Device\Harddisk0\DR0 ok
17:34:08.0893 4552  ================ Scan VBR ==================================
17:34:08.0896 4552  4D686CA292BD7574854A0ACA71D74CC1 ] \Device\Harddisk0\DR0\Partition1
17:34:08.0897 4552  \Device\Harddisk0\DR0\Partition1 ok
17:34:08.0923 4552  AFB17FD287E83172B0D11CD1896E9301 ] \Device\Harddisk0\DR0\Partition2
17:34:08.0925 4552  \Device\Harddisk0\DR0\Partition2 ok
17:34:08.0925 4552  ============================================================
17:34:08.0925 4552  Scan finished
17:34:08.0925 4552  ============================================================
17:34:08.0938 3356  Detected object count4
17:34:08.0938 3356  Actual detected object count4
17:34:19.0032 3356  Akamai HiddenFile.Multi.Generic ) - skipped by user
17:34:19.0033 3356  Akamai HiddenFile.Multi.Generic ) - User select actionSkip 
17:34:19.0035 3356  HiPatchService UnsignedFile.Multi.Generic ) - skipped by user
17:34:19.0035 3356  HiPatchService UnsignedFile.Multi.Generic ) - User select actionSkip 
17:34:19.0037 3356  IDriverT UnsignedFile.Multi.Generic ) - skipped by user
17:34:19.0037 3356  IDriverT UnsignedFile.Multi.Generic ) - User select actionSkip 
17:34:19.0039 3356  ServiceLayer UnsignedFile.Multi.Generic ) - skipped by user
17:34:19.0039 3356  ServiceLayer UnsignedFile.Multi.Generic ) - User select actionSkip 

Alt 21.02.2013, 17:40   #9
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 18:05   #10
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hey
Also ich habe mein Antivirus-Programm deaktiviert, aber jetzt erzählt mir comboFix noch was über McAfee, das angeblich noch aktiv sein soll. Ein Suchlauf auf meinem PC hat allerdings kein McAfee gefunden :P Trotzdem ComboFix starten?

Alt 21.02.2013, 18:06   #11
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


dann klicke auf ok bitte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 18:31   #12
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


So, hier der Log

PHP-Code:
ComboFix 13-02-21.02 Mietke 21.02.2013  18:13:14.1.4 x64
Microsoft® Windows Vista&#8482; Home Premium   6.0.6002.2.1252.49.1031.18.4094.2026 [GMT 1:00]
ausgeführt von:: c:\users\Mietke\Desktop\ComboFix.exe
AVMcAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FWMcAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SPMcAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SPWindows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\ie_kikin.dll.old
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\kikin_updater_2.0.0.11.exe
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\programdata\0d5af0ae-d4e7-4b12-ba04-658f5165b97e.ico
c:\users\Mietke\AppData\Local\assembly\tmp
c:\users\Mietke\AppData\Roaming\AcroIEHelpe.txt
c:\users\Mietke\AppData\Roaming\Amnaro
c:\users\Mietke\AppData\Roaming\Amnaro\ketuf.cat
c:\users\Mietke\AppData\Roaming\Cayt
c:\users\Mietke\AppData\Roaming\Cayt\daluo.efl
c:\users\Mietke\AppData\Roaming\Cigo
c:\users\Mietke\AppData\Roaming\Cigo\idur.buq
c:\users\Mietke\AppData\Roaming\Ezqy
c:\users\Mietke\AppData\Roaming\Ezqy\hiluo.sou
c:\users\Mietke\AppData\Roaming\Help\coredb\storage
c:\users\Mietke\AppData\Roaming\kikin
c:\users\Mietke\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Mietke\AppData\Roaming\kikin\ie_settings.xml
c:\users\Mietke\AppData\Roaming\Nedem
c:\users\Mietke\AppData\Roaming\Nedem\geil.aty
c:\users\Mietke\AppData\Roaming\Oqel
c:\users\Mietke\AppData\Roaming\Oqel\udesu.nyv
c:\users\Mietke\AppData\Roaming\Otovu
c:\users\Mietke\AppData\Roaming\Otovu\axre.zuy
c:\users\Mietke\AppData\Roaming\srvblck2.tmp
c:\users\Mietke\AppData\Roaming\Tyseh
c:\users\Mietke\AppData\Roaming\Tyseh\kyer.xig
c:\users\Mietke\AppData\Roaming\Usicc
c:\users\Mietke\AppData\Roaming\Usicc\igtey.yta
c:\users\Mietke\AppData\Roaming\Utbeiz
c:\users\Mietke\AppData\Roaming\Utbeiz\icla.lio
c:\users\Mietke\AppData\Roaming\Vihea
c:\users\Mietke\AppData\Roaming\Vihea\alse.ryc
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-21 bis 2013-02-21  ))))))))))))))))))))))))))))))
.
.
2013-02-21 17:25 2013-02-21 17:25    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-02-21 17:25 2013-02-21 17:25    --------    d-----w-    c:\users\UpdatusUser.Mietke-PC\AppData\Local\temp
2013-02-21 17:25 2013-02-21 17:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-21 16:50 2013-02-21 17:11    --------    d-----w-    C:\32788R22FWJFW
2013-02-21 16:10 2013-02-21 16:10    --------    d-----w-    C:\_OTL
2013-02-19 11:50 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FBC0AD9-5BA6-4E17-BDC8-5D16BE44A60E}\mpengine.dll
2013-02-13 19:48 2013-01-02 11:08    1027584    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 19:48 2013-01-02 07:37    759296    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 19:48 2013-01-04 11:31    1423720    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:48 2013-01-04 01:59    2773504    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 19:48 2013-01-05 13:44    9331200    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-13 19:48 2013-01-05 13:42    2356736    ----a-w-    c:\windows\system32\iertutil.dll
2013-02-13 19:48 2013-01-05 13:42    12509184    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-02 18:23 2013-02-02 18:23    --------    d-----w-    c:\users\Mietke\AppData\Local\Red 5 Studios
2013-02-02 16:41 2013-02-02 16:41    --------    d-----w-    c:\program files (x86)\Xiph.Org
2013-01-30 13:00 2013-01-30 13:00    --------    d-----w-    c:\program files\iPod
2013-01-30 13:00 2013-01-30 13:01    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-30 13:00 2013-01-30 13:01    --------    d-----w-    c:\program files\iTunes
2013-01-30 13:00 2013-01-30 13:01    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 17:27 2010-05-23 10:03    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-02-20 17:27 2009-12-06 14:03    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2013-02-13 20:52 2006-11-02 12:35    70004024    ----a-w-    c:\windows\system32\mrt.exe
2013-02-09 19:29 2012-05-30 10:09    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 19:29 2012-05-30 10:09    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 00:28 2011-04-22 19:44    273840    ------w-    c:\windows\system32\MpSigStub.exe
2012-12-26 19:48 2010-05-23 10:03    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 13:31 2012-12-22 02:00    48128    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 13:12 2012-12-22 02:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 2012-12-22 02:00    368128    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 10:50 2012-12-22 02:00    293376    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-14 15:49 2013-01-09 18:54    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweisleere Einträge legitime Standardeinträge werden nicht angezeigt
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54    2607872    ----a-w-    c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}""c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Mietke\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"FreeCT"="c:\program files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe" [2012-04-22 2053456]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mietke\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"(0x0)
"EnableUIADesktopToggle"(0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71009799
*Deregistered* - 71009799
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 16:26    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:29]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 16:54]
.
2013-02-20 c:\windows\Tasks\User_Feed_Synchronization-{38A14B28-3686-4261-A0BB-BA949EC18DBC}.job
c:\windows\system32\msfeedssync.exe [2013-02-13 08:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-16 6440480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page c:\windows\system32\blank.htm
uStart Page hxxp://search.iminent.com/?appId=86A427A2-1952-45A7-86C7-EAF17CD51250
mLocal Page c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Trusted Zoneclonewarsadventures.com
Trusted Zonefreerealms.com
Trusted Zonesoe.com
Trusted Zonesony.com
TCPDhcpNameServer 192.168.0.1
FF ProfilePath c:\users\Mietke\AppData\Roaming\Mozilla\Firefox\Profiles\kz08tl84.default\
FF prefs.jsbrowser.search.defaulturl hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF prefs.jsbrowser.search.selectedEngine 
FF prefs.jsbrowser.startup.homepage www.web.de
FF prefs.jskeyword.URL hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyGIMUR6v&&i=26&search=
FF ExtSQL: !HIDDEN2009-06-24 11:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF ExtSQL: !HIDDEN2009-11-28 22:36; {800b5000-a755-47e1-992b-48a1c1357f07}; c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF ExtSQL: !HIDDEN2011-01-04 12:03; {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}; c:\users\Mietke\AppData\Roaming\5006
FF user.jsnetwork.cookie.cookieBehavior 0
FF user.jsprivacy.clearOnShutdown.cookies false
FF user.jssecurity.warn_viewing_mixed false
FF user.jssecurity.warn_viewing_mixed.show_once false
FF user.jssecurity.warn_submit_insecure false
FF user.jssecurity.warn_submit_insecure.show_once false
FF user.jsextensions.incredibar_i.newTab false
FF user.jsextensions.incredibar_i.tlbrSrchUrl hxxp://mystart.Incredibar.com/?a=6OyGIMUR6v&loc=IB_TB&i=26&search=
FF user.jsextensions.incredibar_i.id 442cdc36000000000000001ee5e1a5d7
FF user.jsextensions.incredibar_i.instlDay 15523
FF user.jsextensions.incredibar_i.vrsn 1.5.11.14
FF user.jsextensions.incredibar_i.vrsni 1.5.11.14
FF user.jsextensions.incredibar_i.vrsnTs 1.5.11.1415:24
FF user.jsextensions.incredibar_i.prtnrId Incredibar
FF user.jsextensions.incredibar_i.prdct incredibar
FF user.jsextensions.incredibar_i.aflt orgnl
FF user.jsextensions.incredibar_i.smplGrp none
FF user.jsextensions.incredibar_i.tlbrId base
FF user.jsextensions.incredibar_i.instlRef 
FF user.jsextensions.incredibar_i.dfltLng 
FF user.jsextensions.incredibar_i.excTlbr false
FF user.jsextensions.incredibar_i.ms_url_id 
FF user.jsextensions.incredibar_i.upn2 6OyGIMUR6v
FF user.jsextensions.incredibar_i.upn2n 92261686095990951
FF user.jsextensions.incredibar_i.productid 26
FF user.jsextensions.incredibar_i.installerproductid 26
FF user.jsextensions.incredibar_i.did 10657
FF user.jsextensions.incredibar_i.ppd 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Free Audio CD Burner_is1 c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-MobMap_is1 c:\program files (x86)\MobMapUpdater\unins000.exe
AddRemove-Neffy c:\program files (x86)\Neffy\uninst.exe
AddRemove-Pflanzen gegen Zombies c:\program files (x86)\PopCap Games\Pflanzen gegen Zombies\PopUninstall.exe
AddRemove-The Secret World_is1 d:\program files (x86)\The Secret World\The Secret World\unins000.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001} - d:\program files (x86)\Global Agenda\HiRezGamesDiagAndSupport.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Global Agenda\HiRezGamesDiagAndSupport.exe
AddRemove-{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1 c:\users\Mietke\Documents\The War Z\unins000.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
AddRemove-NCsoft-AionEU c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
AddRemove-NCsoft-GuildWars c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
AddRemove-Planetside 2 d:\program files (x86)\Planetside 2\Uninstaller.exe
AddRemove-soe-PlanetSide 2 PSG d:\program files (x86)\Planetside 2\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va002]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\002A95A.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Mietke\AppData\Local\Temp\005FA6B.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\!CAUTIONNEVER A OR CHANGE ANY KEY*]
"??"=hex:38,0c,9e,88,c5,7a,26,9f,85,ae,8b,25,4d,80,92,06,c2,9a,f6,ae,41,2f,51,
   cd,18,36,f9,a4,81,c6,09,73,dd,50,9c,ec,9a,e3,07,4f,cb,82,5d,5a,f7,ef,c2,d1,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-1126053746-1709790084-1523483457-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,14,a1,3b,98,0f,ee,be,42,4e,4c,4a,7a,7e,e3,3a,ca,53,f1,ce,ea,
   c7,0b,4a,6f,90,4f,35,d4,b1,1f,dc,7a,2a,06,b4,ed,88,4f,2d,4f,96,06,37,2e,be,\
"rkeysecu"=hex:29,ca,2a,2e,ea,ce,8d,fe,d0,5a,6b,1e,81,4f,b2,13
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung2013-02-21  18:28:36
ComboFix-quarantined-files.txt  2013-02-21 17:28
.
Vor Suchlauf28 Verzeichnis(se), 20.304.850.944 Bytes frei
Nach Suchlauf34 Verzeichnis(se), 22.944.645.120 Bytes frei

Alt 21.02.2013, 19:21   #13
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


hi
du hast Malwarebytes antirootkit genutzt kann ich das log bekommen, bzw die logs
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 19:34   #14
Lukas1234
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Hey,
Hab ich vorhin schonmal gepostet, aber hier ists nochmal.
PHP-Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database versionv2013.02.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19400
Mietke :: MIETKE-PC [administrator]

21.02.2013 14:53:02
mbar-log-2013-02-21 (14-53-02).txt

Scan typeQuick scan
Scan options enabledMemory Startup Registry File System Heuristics/Extra Heuristics/Shuriken PUP PUM P2P
Scan options disabled
Objects scanned31051
Time elapsed10 minute(s), 57 second(s)

Memory Processes Detected0
(No malicious items detected)

Memory Modules Detected0
(No malicious items detected)

Registry Keys Detected2
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkrdr.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected0
(No malicious items detected)

Registry Data Items Detected0
(No malicious items detected)

Folders Detected0
(No malicious items detected)

Files Detected0
(No malicious items detected)

(end
hab das danach nochmal laufen lassen, hier ist der zweite log
PHP-Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database versionv2013.02.21.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19400
Mietke :: MIETKE-PC [administrator]

21.02.2013 15:09:51
mbar-log-2013-02-21 (15-09-51).txt

Scan typeQuick scan
Scan options enabledMemory Startup Registry File System Heuristics/Extra Heuristics/Shuriken PUP PUM P2P
Scan options disabled
Objects scanned31072
Time elapsed11 minute(s), 25 second(s)

Memory Processes Detected0
(No malicious items detected)

Memory Modules Detected0
(No malicious items detected)

Registry Keys Detected0
(No malicious items detected)

Registry Values Detected0
(No malicious items detected)

Registry Data Items Detected0
(No malicious items detected)

Folders Detected0
(No malicious items detected)

Files Detected0
(No malicious items detected)

(end
wie vorhin schon gesagt, ich weiß halt nicht genau, ob die beiden entfernten objekte jetzt das problem lösen, oder nicht, da ich von sowas praktisch keine ahnung habe.

Alt 21.02.2013, 19:47   #15
markusg
/// Malware-holic
 
Seth. avazutracking.net - Standard

Seth. avazutracking.net


Sorry is mir entfallen.
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 1 von 3 1 23

Themen zu Seth. avazutracking.net
browsergames, einiger, entfernung, firefox, freue, home, home premium, könntet, mozilla, mozilla firefox, neue, neue tabs, premium, seite, seiten, seth.avazutracking.net, vista, vista home premium, weitergeleitet, windows, windows vista, windows vista home, würde, öffnen


« Der Virus TR/Sirefef.AB.78 lässt sich nicht löschen | Viren-/Trojanercheck nach einjähriger Uptdatefaulheit »


Ähnliche Themen: Seth. avazutracking.net


  1. Avazutracking
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (17)
  2. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (11)
  3. Pop-Up von seth.avazurtracking und weiteren URL's
    Plagegeister aller Art und deren Bekämpfung - 11.11.2013 (23)
  4. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (12)
  5. Seth.avazutracking.net - Problem
    Log-Analyse und Auswertung - 14.10.2013 (7)
  6. seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (9)
  7. Avazutracking entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (17)
  8. seth.avazutracking.net Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (9)
  9. Windows 7: ca. 1 mal pro Woche öffnet sich seth.avazutracking von alleine
    Log-Analyse und Auswertung - 15.08.2013 (12)
  10. Seth.Avazutracking.net - Firefox öffnet selbstständig Werbetabs
    Log-Analyse und Auswertung - 14.08.2013 (15)
  11. Seth Avazutracking.net
    Log-Analyse und Auswertung - 02.08.2013 (13)
  12. Seth.avazutracking.net
    Log-Analyse und Auswertung - 25.06.2013 (4)
  13. Avazutracking Virus
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (9)
  14. http://seth.avazutracking.net/tracking/redirect/
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (1)
  15. Seth. avazutracking.net
    Log-Analyse und Auswertung - 12.04.2013 (20)
  16. Seth Avazutracking.net und ad.yieldmanager.com entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (26)
  17. Seth.avazutrackingnet Virus entfernen?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Seth. avazutracking.net - Moin allerseits, seit einiger Zeit öffnen sich bei meinem Firefox manchmal neue Tabs, wo ich dann über die Seth.avazutracking.net auf Seiten von Browsergames oder dergleich weitergeleitet werde. Daten zu meinem - Seth. avazutracking.net...
Archiv
Du betrachtest: Seth. avazutracking.net auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131