
Pests of all kinds and how to fight them: Computer locked, GVU Trojan

Windows 7
If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

10.01.2013, 15:12   #1
craphere

Computer locked GVU Trojan



Here are the files, hopefully I'll get help quickly

Step 1 done

Here steps 2-3
Step 2:
OTL Logfile:
Code:
OTL logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.10 14:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\DATA\Downloads\OTL.exe
PRC - [2012.12.12 16:36:15 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.08.30 20:22:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\firefox.exe
PRC - [2012.08.30 20:22:30 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\plugin-container.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.12 16:36:14 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.08.30 20:22:30 | 002,242,528 | ---- | M] () -- C:\DATA\Progamme\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 03:39:34 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.19 20:17:25 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.30 20:22:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.09.02 16:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.10.13 20:56:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 18:08:02 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.04.24 22:28:28 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.19 13:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 9F C9 A7 34 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{DCC4C677-CE06-41d8-811B-BA49DA2D36CF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=logo"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\DATA\Progamme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\DATA\Progamme\components [2012.08.30 20:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\DATA\Progamme\plugins
 
[2012.04.24 22:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.12.12 17:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions
[2012.09.20 21:50:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\battlefieldplay4free@ea.com
[2012.12.12 17:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
[2012.12.08 21:39:45 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToUcamVProperty] C:\PROGRA~2\PHILIP~1\VProperty.exe File not found
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Steam] C:\DATA\Progamme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BB66921-147F-41AE-9B7A-825D2BD2F90D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell - "" = AutoRun
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 14:19:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.01.09 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2013.01.07 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.07 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.24 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.12.16 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.12.16 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.12.12 17:49:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.12 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.12 16:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.12.12 16:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\HP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | M] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 14:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 14:18:12 | 4278,960,126 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 14:16:08 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:46:48 | 000,001,412 | ---- | M] () -- C:\Users\Lukas\Desktop\Games.lnk
[2013.01.09 03:25:46 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 16:55:42 | 008,538,422 | ---- | M] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.26 10:19:20 | 000,065,024 | ---- | M] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.20 16:42:34 | 001,642,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 16:42:34 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 16:42:34 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 16:42:34 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 16:42:34 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 16:57:45 | 000,272,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 16:39:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | C] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 14:16:08 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 03:25:46 | 000,000,997 | ---- | C] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 18:23:31 | 008,538,422 | ---- | C] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.28 02:50:54 | 000,065,024 | ---- | C] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.16 16:40:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.16 16:38:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 15:42:46 | 000,001,412 | ---- | C] () -- C:\Users\Lukas\Desktop\Games.lnk
[2012.12.13 06:33:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.12.12 16:39:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.12.10 23:03:10 | 000,010,113 | ---- | C] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel
[2012.10.13 20:58:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.10.11 13:21:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.09.07 05:16:49 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.09.07 05:13:48 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.01 19:26:03 | 000,004,906 | ---- | C] () -- C:\ProgramData\gvpgdylr.gft
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.30 06:09:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 06:09:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 06:09:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.04.29 03:19:35 | 000,007,601 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.04.25 17:31:21 | 001,668,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.24 22:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.24 22:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.16 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.08.24 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Awesomium
[2012.10.13 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2012.04.24 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DeviceVm
[2012.04.26 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Hi-Rez Studios
[2012.08.17 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Kalypso Media
[2012.04.26 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.05.25 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient2
[2012.07.10 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2012.12.02 02:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.12.16 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.07.31 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RotMG.Production
[2013.01.03 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer
[2012.04.25 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay
[2012.12.24 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.05.22 03:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net
[2012.09.04 21:21:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Waveform
[2012.10.13 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\xrecode2
 
========== Purity Check ==========
 
 

< End of report >


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\DATA\Progamme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE2040-34F0-40BE-A349-D2304DF8F93A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1EC3EC63-5C89-4522-AD64-33DA747225EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4853EA97-BA25-41DD-BECA-71AF0E6C6119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BB5EE3E-F1A2-4D2D-8885-3A6627CD50A0}" = lport=56905 | protocol=17 | dir=in | name=pando media booster | 
"{68339B0E-C363-46FF-9A76-3ACA3033DDCA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84FD3E62-84F9-4768-A392-76DC02843D8E}" = lport=56905 | protocol=6 | dir=in | name=pando media booster | 
"{85D01122-E2D1-456A-9AE0-D871164FAE0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{91A24CB9-9C3F-4F6E-9331-7458F3122C5B}" = lport=56905 | protocol=6 | dir=in | name=pando media booster | 
"{C96E5E2B-6DA5-42B9-BE4D-27732E98519A}" = lport=56905 | protocol=17 | dir=in | name=pando media booster | 
"{D9723B78-A2D7-4FA3-AFB3-F202CC595CCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F127044F-B0D5-4C17-A222-B9DF56439FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3AAB98C-7AD3-4FFE-A9B8-6C8A03701480}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCF8AEA3-F82E-4C02-8AC3-DD010F7803AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0190B8F2-ECF6-49F0-A62E-87878CEF3EA7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{0203D484-2278-4668-9108-40394BD7C1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{02BFE566-5BA0-43C3-B257-EEB4EECE265B}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe | 
"{038AB480-DA16-4110-B38D-F76788B9C69C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{03D2A100-FA27-4C92-BD6F-B8B392EBF675}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{0417E220-12F9-4232-AC3B-621EE77E5994}" = dir=in | app=c:\data\progamme\itunes\itunes.exe | 
"{054CB269-90BE-45B7-8060-8466987D5D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{067879F2-A7CC-488A-8B6F-00D28B21D4EA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe | 
"{08D27C94-92CF-4330-8FB9-B82126EB0BEE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{0ADB434F-19E4-40E1-838E-E012C673E109}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0E6308B6-2B2A-4DC9-9C0C-7F5DFE26ECFC}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe | 
"{0EF77934-BE18-40E4-AF70-B71DF45E4C8E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{0F035D16-99B3-4C8C-B635-097FD84FE069}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{10749F9E-6C86-47AE-98BE-F057F52055C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1131B5A3-3D4D-425A-956D-994979141F7E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steam.exe | 
"{12557F05-063E-4650-91F0-FFDE27DB96B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{137C95E6-0315-4DAA-889A-AFCACD9D9242}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{147F09DA-8F37-4994-8E5E-C40D865B8234}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{180DC147-ED24-46BC-9593-364FA9A1F979}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{19DE4522-2F79-4066-9C9D-AA5206E564F2}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe | 
"{1B3124DA-3C20-456D-9883-A3AA3E46AA40}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B643765-5A40-4B2D-BCCF-9D60F30CBF80}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe | 
"{1DDF788D-D6B6-41C9-A41F-2D109E584F39}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{20681CEA-7C2F-4983-9C6F-C24DC303FFDA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{24116389-180C-4F2B-836A-ADBA00ABAE9A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{28248E69-2246-4A45-890F-06D359FAFD05}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{2A45CFE2-3CC4-4CC7-9743-029064974F0A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2AC7AC05-005F-4106-989A-6BB679A3771F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe | 
"{2E155F36-DBD8-4E3F-A597-471F9C4ED2E9}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe | 
"{30169DE0-C222-4E60-BA97-58851833FF3D}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{3299061F-F72A-4736-9491-6B833C673B71}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe | 
"{3418DB52-C718-426D-A61F-D4A560231DD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38E2D0B5-84D8-464A-8A01-DB6C83CB9699}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe | 
"{3C79D155-5252-4A06-9EC8-380925769A39}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{3DCE2C08-3C37-4CF8-86A1-C34C65485A58}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe | 
"{40E7A826-61A8-41F6-A3F8-422F000498CE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe | 
"{41A8163C-2015-4731-A78A-2C44CE1FA73D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{45C51373-81BC-467F-9ABA-3F46429619E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C0A4C31-1FB6-406D-80AE-34E78B0DE7F0}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe | 
"{4D32492B-85F0-419F-98EF-3CED400EE134}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4D414EC4-2917-48C7-B4B1-D29A35350AEC}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe | 
"{4EF4BC53-C732-4424-9880-6C6A414F159F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{51979352-BB4F-4D05-8381-7E1F773C49D2}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{53A62015-A753-44FA-8DF9-BD14CDBE854C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe | 
"{54DB65B3-B6D5-4B08-9F7F-4D2784AA0261}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{59644C8C-284A-4CE6-BE2C-F3403281095B}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe | 
"{5B81157B-186C-4B20-ABB8-40B2A8BE4FAB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{5C425B7A-7ED4-4286-A5B1-2C90BC2C7088}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5CED1244-9D9B-4647-A008-9175C1383296}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{5E6FB4E9-D0F5-4B1A-9AC2-9D7EC5C0550E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe | 
"{60CCCB52-274E-4246-B7B3-01E4995F2EE5}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe | 
"{6357F36D-D6BE-41FF-BBE6-C833B3B749F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{65A09951-2877-40EE-AB34-13DB08EC8EA8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{67149AB3-EC03-4BB4-8AFE-2887498BA979}" = protocol=6 | dir=out | app=system | 
"{6EA5A4FB-1833-45E7-A5FF-E304BAD43C4A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{6F792640-08EB-4F5C-A195-C5B981F4D879}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71446CB9-715F-47B1-84D7-0BA6FF18357C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{7334230A-9E98-40D6-944C-2B87A3140A0F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steam.exe | 
"{78151A80-57E3-4CED-8B08-F07F3082EFCA}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe | 
"{7AEE5DD1-D1B8-460B-B48A-50F8A724EEEE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{7E1FD1AB-BE88-4487-872B-FF2238DCD253}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{8E669FBA-0840-466A-8F81-776E9C66A280}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{9132ACDF-4439-4353-9E31-ECCCFB4D7BE1}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe | 
"{9564CCBD-D838-41BB-8FDA-41190B6032E3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{96A05312-06E3-4CCC-85D9-3A7E30A2B9B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C8D6F85-0ABF-43AF-9E77-5000B9FC12E8}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{9D43AFAE-E749-4A88-A059-39D5FAB2A77D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{A0AD4644-E593-4F5C-A68A-B55E64061EFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A205872A-79F9-4122-89CF-8C3138D67903}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe | 
"{A3C546A1-9207-431D-8605-BABC8DDA09E4}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe | 
"{A517AB83-E68C-4C0B-B4E4-2FADB9F31202}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A8097684-8BB1-44A8-9264-D041F27E54C0}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{A852320D-D3E9-46D0-B8CA-BD5F6AA1A406}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe | 
"{A9B67152-2068-43EF-844C-21FA52FEF823}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9F205D2-2667-47A7-A337-C70EDA5D83B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAE565B2-B43F-4ED2-BD75-60563BA73C62}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe | 
"{AB7E949A-865C-45F1-BFA7-A0026E550E4C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe | 
"{AF4E6237-6174-49D4-AB84-00A1F00E9751}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe | 
"{AFFF83BA-18B9-423C-BDC8-45AAAA4B8B2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1D270FD-7C67-49F1-8786-559713DBA08B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B2639FBF-8E3C-470F-BFFF-26E7E68E25A3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B4F60EED-E4E8-4FC7-8AE9-5BA0079EBA63}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B63C5DD4-4D47-42EA-940B-8A5B5E5A49D3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe | 
"{B6DAA123-779C-4814-86A4-1CAF3D326293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B86D52AF-1113-4E8C-8B57-475161515252}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB972050-0565-40DF-B99D-8302EC06660F}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe | 
"{BC64734E-FA47-4E67-9F1F-F5DEBB53A39A}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{BC75740F-B164-4F46-8A23-3AC881B7307C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BFA063AC-45DC-48FD-852D-446503AF3645}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe | 
"{C013A593-30F0-436C-9518-B03047118751}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe | 
"{C3462BFA-0E31-4D16-A97B-E39D1742F6AF}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{C4234DE6-1929-4E60-8D21-3ECBA76CD9D1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe | 
"{C523D03E-8B25-431A-A625-367DF02A29A7}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{C56CEA91-0C44-45CD-97AA-EAAD93FEAB49}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C5E36664-0A48-419D-9A1F-7E4648459085}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6432406-826D-4BDB-B4F0-8A9544AFB8AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9B0AE29-6707-4088-850B-99A8D87F5A84}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe | 
"{CA93C3D4-3D5D-4B07-B913-7700F8403613}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe | 
"{CBDB54C0-192D-46AB-9C24-15A5A8924C74}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{CDDAC86D-365A-4085-AB49-EB0380A238E8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D27EDAF2-F702-424A-883D-7565FE729812}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe | 
"{D3663536-245E-4BD0-886B-44C7955122A0}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe | 
"{D79F4617-D2E4-4F69-B322-2E6601FE5C20}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{DBCAC44A-F05E-4861-A3F5-3BE1E3619D36}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe | 
"{DE2D95BA-6690-4B60-8090-606288D49D14}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{E1A1BF54-9009-4296-AEBB-02A190D3555F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe | 
"{E22CB3E4-CCAD-48BD-84CC-BCA94A994B73}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E4ACAEF2-CA5D-4C61-B8F6-07D666E2A9AB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe | 
"{E54A591E-AD3C-4F04-8F6E-49829A43A02E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{E6A5DFB0-703E-47BF-A640-633A3B277E31}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{E765D956-AD38-4AA3-970A-1A7141E3E688}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{E87DF3A5-37B2-4913-9CDC-0A8D45ED24DE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{E8DF7E13-06ED-4EBA-9F00-2FC504A61F10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9442BAF-FB3A-46DB-933E-E6ACF91C5B64}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe | 
"{EADAA737-9A9F-4CEC-A66F-0F7573FB7E78}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe | 
"{EBBFE10F-47AB-4961-97DE-FBF094143189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC7ECCD9-DAB8-4B58-9C49-786259809554}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{ECAD743F-F842-441E-A030-84F91364F9F3}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{EE3AC968-C025-4F85-BE63-029BC4B92EE1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{EE6F1269-3EEA-4512-A15A-9A76A73FE16B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EFBB2FB6-50C2-4535-9764-ED3785BF5F37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F509185C-4520-427A-BCDC-E05084AEB8C3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{F8FCF343-04A1-4587-80A4-B05ED07D9238}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{FBFEDCE2-5162-4489-A1EF-5D3869884339}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe | 
"{FD0636D0-317A-4E11-BD50-4868A7DFCCD7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe | 
"{FF347AF1-B9BC-4AB1-B2E0-551D4F1CD649}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe | 
"TCP Query User{089F8B7B-F6ED-484B-8369-DA1B28DE2FF3}C:\data\progamme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe | 
"TCP Query User{0A408394-58E4-46A2-8564-4FD1B8CA8713}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=6 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe | 
"TCP Query User{2F5883D6-1A81-4DBE-AB75-AD648BF9DE6A}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe | 
"TCP Query User{3D67F211-2568-4898-8D25-272284E2FB6A}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=6 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe | 
"TCP Query User{40831D31-4DB7-4BAC-B7D8-9B0D58F99C7A}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"TCP Query User{63C74B8C-FD23-482B-B509-D56A7AEFDEA2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{6400BBF9-0FE9-4774-9AFA-93A0374B3F47}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | 
"TCP Query User{6E48422A-9680-4E80-9FB8-D6CE6987B421}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{706A6F1E-4B2B-4F1B-84EA-5EA36F241A73}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"TCP Query User{74BE9F20-4675-4F01-AF90-140A10FD3A0B}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll | 
"TCP Query User{89782CF8-015D-4147-9241-BB3ADE8B5994}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe | 
"TCP Query User{8E5467FA-6F31-4CE6-98DC-B3DD2A8CBED7}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe | 
"TCP Query User{AF218AB9-D336-45FC-B52F-9D9F86A6FD54}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{B6BB53DB-AD48-43E0-8135-C9FC5C45BF62}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe | 
"TCP Query User{BA959F43-76EC-475B-A32D-5345647848CF}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"TCP Query User{D07BA925-C062-43FC-A835-2B8160A3D3A1}C:\users\lukas\desktop\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe | 
"TCP Query User{D685C2B6-C8EB-4748-BA47-EECD7372D4C0}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{D8D4A8A1-0B1C-4C72-8884-313DA74C25C9}C:\data\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\data\downloads\gw2.exe | 
"TCP Query User{FEA8B25D-8682-47C4-AC62-A346D5E5475B}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{01E22073-96A3-4A3C-9A5B-25F73D425BAF}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=17 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe | 
"UDP Query User{02E6F9EE-7D7A-44EB-A34D-CC4579A23116}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe | 
"UDP Query User{0BA2A206-C4E5-413D-B690-4BC66CD376E0}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll | 
"UDP Query User{0D7E25BD-54B4-4EFE-9891-CB96E7B23825}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"UDP Query User{188DEA46-6328-4664-8E15-3D4DB841E66F}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe | 
"UDP Query User{29DBB655-DDB1-4DD1-9C91-2D49B831D625}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{3C12D5CB-E89C-47C2-A140-FAD9DA97E53F}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{591D5530-2393-450E-836B-3F3384242485}C:\users\lukas\desktop\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe | 
"UDP Query User{5ECBE185-8628-434B-BEB3-A8E26ED8C778}C:\data\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\data\downloads\gw2.exe | 
"UDP Query User{68F1F29B-8317-4FAE-99C2-89EEA5B56602}C:\data\progamme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe | 
"UDP Query User{6FFC0810-98DD-4A47-BCCF-06ABF3947BCC}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{83DDCCBF-51D2-4362-AA4E-FBDCF0D33C64}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe | 
"UDP Query User{93B69857-7F1C-4EFF-8424-5707512427D8}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"UDP Query User{950998F5-55B3-4F34-8872-31AA7A6CEE50}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"UDP Query User{A641D2E8-473B-400D-AD66-A5231BF119F2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{A6EA7BA9-FD03-40B9-BA62-0728FE4BD863}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=17 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe | 
"UDP Query User{AF18B27F-765C-44F1-90A9-D780991977C4}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{CCF00E5C-89D4-437D-8CA5-E90EDAFB6B1C}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | 
"UDP Query User{E3455D83-A002-4C2D-9370-C35F0079B7ED}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF37555F-0259-43DA-B60C-47106FA14AA3}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1A5F9CA096C1264148686D01FA64ECB1852A1E78" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"762FBE60B6E852506898A9D54562361A617C7E54" = Windows-Treiberpaket - Philips (spc999) Image  (12/14/2009 1.00.0.0000)
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"D14E3E22BA930CC9B10285B356F09450E31F774E" = Windows-Treiberpaket - Philips (VM20d7) Image  (08/02/2010 300.2000.4001.07)
"E019BCB59D66D62DD242667429C00BE4DE496F93" = Windows-Treiberpaket - Philips USB  (12/14/2009 1.00.0.0000)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.195
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC32F34C-9DF6-4468-B53A-BAEBE4CD9F22}" = Philips SPZ3000 Webcam
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E933F71E-E82C-4E65-81FF-C6FC07E5DB4E}" = Philips ToUcam Fun Camera
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDAC90A7-D34A-47D2-A644-BE5356C5F409}" = Philips ToUcam Pro Camera
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Battlelog Web Plugins" = Battlelog Web Plugins
"BOSS" = BOSS
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Hitman: Contracts" = Hitman: Contracts
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Steam App 10" = Counter-Strike
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 111400" = Bunch Of Heroes
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 17020" = Global Agenda
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17410" = Mirror's Edge
"Steam App 200210" = Realm of the Mad God
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 200710" = Torchlight II
"Steam App 204180" = Waveform
"Steam App 204360" = Castle Crashers
"Steam App 214100" = Rigonauts
"Steam App 22350" = BRINK
"Steam App 22380" = Fallout: New Vegas
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 240" = Counter-Strike: Source
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 55100" = Homefront
"Steam App 570" = Dota 2
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 65540" = Gothic
"Steam App 65610" = Arcania: Fall of Setarrif
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 96800" = Nexuiz
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Lukas)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2012 12:05:18 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftwareUpdate.exe, Version: 2.1.3.127,
 Zeitstempel: 0x4de6dd5a  Name des fehlerhaften Moduls: ts3overlay_hook_win32.dll,
 Version: 3.7.8.0, Zeitstempel: 0x5075d352  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x000289d6  ID des fehlerhaften Prozesses: 0x788  Startzeit der fehlerhaften Anwendung:
 0x01cde1f076f90852  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Apple
 Software Update\SoftwareUpdate.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\TS3\plugins\ts3overlay\ts3overlay_hook_win32.dll
Berichtskennung:
 b5b06003-4de3-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:19 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x3768fd24  ID des fehlerhaften Prozesses:
 0x1208  Startzeit der fehlerhaften Anwendung: 0x01cde23dd6a1b0bb  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 1acb8167-4e31-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:35 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x377cfd24  ID des fehlerhaften Prozesses:
 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cde23de1af32df  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 241bfb49-4e31-11e2-b748-bc5ff41ef57a
 
Error - 26.12.2012 12:40:46 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.12.2012 15:09:44 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1595.686 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd4    Startzeit: 
01cde39bade6ac89    Endzeit: 12    Anwendungspfad: C:\DATA\Progamme\Steam\Steam.exe    Berichts-ID:
 cd2754e4-4f8f-11e2-9fe5-bc5ff41ef57a  
 
Error - 27.12.2012 22:50:00 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: b80    Startzeit: 01cde4a08e468afb    Endzeit: 4    Anwendungspfad: C:\DATA\Progamme\Leage
 Of legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe

Berichts-ID:
 435d7716-5099-11e2-abe7-bc5ff41ef57a  
 
Error - 28.12.2012 12:24:58 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.12.2012 22:23:48 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.01.2013 16:24:06 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.01.2013 11:29:14 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.152,
 Zeitstempel: 0x50d067ea  Name des fehlerhaften Moduls: League of Legends.exe, Version:
 1.0.0.152, Zeitstempel: 0x50d067ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x004a553a
ID
 des fehlerhaften Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cdea90267e7440
Pfad
 der fehlerhaften Anwendung: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Berichtskennung: 7e5b3cd3-5683-11e2-92d8-bc5ff41ef57a
 
[ System Events ]
Error - 23.12.2012 15:52:23 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 24.12.2012 05:53:46 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 25.12.2012 07:02:11 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 26.12.2012 06:41:55 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 27.12.2012 09:27:35 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 28.12.2012 10:20:09 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 28.12.2012 19:12:37 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 29.12.2012 07:30:20 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 30.12.2012 07:42:56 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 31.12.2012 09:07:22 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
 
< End of report >
         
--- --- ---


GMER log

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-10 15:05:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fxroquow.sys


---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [1408:2020] 000007fef609239c
Thread C:\Windows\System32\svchost.exe [1408:1696] 000007fef8339688
Thread C:\DATA\Progamme\firefox.exe [1084:1344] 0000000070ab0519
Thread C:\DATA\Progamme\firefox.exe [1084:716] 0000000077932e25
Thread C:\DATA\Progamme\firefox.exe [1084:1112] 0000000070aaf186
Thread C:\DATA\Progamme\firefox.exe [1084:1564] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:880] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1176] 00000000739062ee
Thread C:\DATA\Progamme\firefox.exe [1084:1640] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1420] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1424] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1872] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1868] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1256] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1492] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1500] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1836] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2032] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1576] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1652] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:756] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1364] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1340] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1996] 0000000073fd32fb
Thread C:\DATA\Progamme\firefox.exe [1084:1348] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2632] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2060] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1264] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2204] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2388] 0000000076c0d864
Thread C:\DATA\Progamme\firefox.exe [1084:2416] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2472] 0000000071bf27c1
Thread C:\DATA\Progamme\plugin-container.exe [528:1560] 0000000070aaf186
Thread C:\DATA\Progamme\plugin-container.exe [528:1080] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1148] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1552] 0000000077932e25
Thread C:\DATA\Progamme\plugin-container.exe [528:124] 0000000077933e45
Thread C:\DATA\Progamme\plugin-container.exe [528:428] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:584] 000000006f36ea20
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1408] 000007feff3b0000

---- EOF - GMER 2.0 ----



^ I HAD closed Firefox, but the process was still there! Hope that doesn't cause any problems

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lukas :: LUKASTOWER [Administrator]

10.01.2013 14:19:57
mbam-log-2013-01-10 (14-19-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205913
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Lukas\Desktop\asdasdasd.exe (Trojan.Agent.PS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\wgsdgsdgdsgsd.exe (Trojan.Fakesig) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

^Malwarebytes

Edited by craphere (10.01.2013 at 15:22) Reason: as requested

10.01.2013, 15:17   #2
markusg
/// Malware-holic

hi
Quick isn't going to happen; we have plenty of other users too, and you'll get help, like everyone else, when it's your turn.
Also, it would be helpful if you posted all the logs.
I can see that Malwarebytes is installed; open it, go to Logs, and post the reports with detections.

11.01.2013, 15:51   #3
craphere

The MBAM log is in there as requested. Did you mean other logs as well? I thought those were all the ones listed in the instructions.

11.01.2013, 15:54   #4
markusg
/// Malware-holic

You only edited the log in after my post, which is why I didn't see it.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, choose Skip for now and post the log

11.01.2013, 16:37   #5
craphere

Here is the log from TDSS Killer

Code:
16:34:59.0363 2652  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:35:01.0376 2652  ============================================================
16:35:01.0376 2652  Current date / time: 2013/01/11 16:35:01.0376
16:35:01.0376 2652  SystemInfo:
16:35:01.0376 2652  
16:35:01.0376 2652  OS Version: 6.1.7601 ServicePack: 1.0
16:35:01.0376 2652  Product type: Workstation
16:35:01.0376 2652  ComputerName: LUKASTOWER
16:35:01.0376 2652  UserName: Lukas
16:35:01.0376 2652  Windows directory: C:\Windows
16:35:01.0376 2652  System windows directory: C:\Windows
16:35:01.0376 2652  Running under WOW64
16:35:01.0376 2652  Processor architecture: Intel x64
16:35:01.0376 2652  Number of processors: 4
16:35:01.0376 2652  Page size: 0x1000
16:35:01.0376 2652  Boot type: Normal boot
16:35:01.0376 2652  ============================================================
16:35:02.0608 2652  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:35:02.0624 2652  ============================================================
16:35:02.0624 2652  \Device\Harddisk0\DR0:
16:35:02.0655 2652  MBR partitions:
16:35:02.0655 2652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:35:02.0655 2652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:35:02.0655 2652  ============================================================
16:35:02.0671 2652  C: <-> \Device\Harddisk0\DR0\Partition2
16:35:02.0671 2652  ============================================================
16:35:02.0671 2652  Initialize success
16:35:02.0671 2652  ============================================================
16:35:31.0026 4620  ============================================================
16:35:31.0026 4620  Scan started
16:35:31.0026 4620  Mode: Manual; SigCheck; TDLFS; 
16:35:31.0026 4620  ============================================================
16:35:32.0399 4620  ================ Scan system memory ========================
16:35:32.0399 4620  System memory - ok
16:35:32.0399 4620  ================ Scan services =============================
16:35:32.0555 4620  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:35:32.0586 4620  1394ohci - ok
16:35:32.0649 4620  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:35:32.0664 4620  ACPI - ok
16:35:32.0695 4620  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:35:32.0695 4620  AcpiPmi - ok
16:35:32.0758 4620  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:35:32.0773 4620  adp94xx - ok
16:35:32.0789 4620  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:35:32.0805 4620  adpahci - ok
16:35:32.0805 4620  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:35:32.0820 4620  adpu320 - ok
16:35:32.0851 4620  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:35:32.0867 4620  AeLookupSvc - ok
16:35:32.0929 4620  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:35:32.0945 4620  AFD - ok
16:35:32.0976 4620  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:35:32.0992 4620  agp440 - ok
16:35:33.0007 4620  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:35:33.0023 4620  ALG - ok
16:35:33.0023 4620  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:35:33.0039 4620  aliide - ok
16:35:33.0085 4620  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:35:33.0101 4620  AMD External Events Utility - ok
16:35:33.0179 4620  AMD FUEL Service - ok
16:35:33.0195 4620  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:35:33.0210 4620  amdide - ok
16:35:33.0241 4620  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
16:35:33.0257 4620  amdiox64 - ok
16:35:33.0273 4620  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:35:33.0288 4620  AmdK8 - ok
16:35:33.0475 4620  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:35:33.0569 4620  amdkmdag - ok
16:35:33.0616 4620  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:35:33.0631 4620  amdkmdap - ok
16:35:33.0631 4620  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:35:33.0631 4620  AmdPPM - ok
16:35:33.0678 4620  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:35:33.0678 4620  amdsata - ok
16:35:33.0694 4620  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:35:33.0709 4620  amdsbs - ok
16:35:33.0725 4620  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:35:33.0725 4620  amdxata - ok
16:35:33.0756 4620  AODDriver4.01 - ok
16:35:33.0803 4620  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:35:33.0803 4620  AODDriver4.2 - ok
16:35:33.0834 4620  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:35:33.0865 4620  AppID - ok
16:35:33.0865 4620  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:35:33.0897 4620  AppIDSvc - ok
16:35:33.0943 4620  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:35:33.0975 4620  Appinfo - ok
16:35:34.0053 4620  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:35:34.0068 4620  Apple Mobile Device - ok
16:35:34.0115 4620  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:35:34.0115 4620  AppMgmt - ok
16:35:34.0131 4620  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:35:34.0131 4620  arc - ok
16:35:34.0131 4620  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:35:34.0146 4620  arcsas - ok
16:35:34.0193 4620  [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
16:35:34.0193 4620  asmthub3 - ok
16:35:34.0271 4620  [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
16:35:34.0287 4620  asmtxhci - ok
16:35:34.0333 4620  aspnet_state - ok
16:35:34.0349 4620  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
16:35:34.0349 4620  AsrAppCharger - ok
16:35:34.0365 4620  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:34.0380 4620  AsyncMac - ok
16:35:34.0396 4620  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:35:34.0396 4620  atapi - ok
16:35:34.0427 4620  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:35:34.0427 4620  AtiHDAudioService - ok
16:35:34.0489 4620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:34.0521 4620  AudioEndpointBuilder - ok
16:35:34.0536 4620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:35:34.0567 4620  AudioSrv - ok
16:35:34.0645 4620  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:35:34.0661 4620  AxInstSV - ok
16:35:34.0677 4620  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:35:34.0677 4620  b06bdrv - ok
16:35:34.0692 4620  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:35:34.0708 4620  b57nd60a - ok
16:35:34.0755 4620  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:35:34.0755 4620  BDESVC - ok
16:35:34.0770 4620  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:35:34.0801 4620  Beep - ok
16:35:34.0864 4620  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:35:34.0879 4620  BFE - ok
16:35:34.0926 4620  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:35:34.0957 4620  BITS - ok
16:35:34.0957 4620  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:35:34.0973 4620  blbdrive - ok
16:35:34.0989 4620  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:35:35.0004 4620  Bonjour Service - ok
16:35:35.0035 4620  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:35:35.0035 4620  bowser - ok
16:35:35.0051 4620  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:35:35.0051 4620  BrFiltLo - ok
16:35:35.0051 4620  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:35:35.0067 4620  BrFiltUp - ok
16:35:35.0098 4620  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:35:35.0098 4620  Browser - ok
16:35:35.0098 4620  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:35:35.0113 4620  Brserid - ok
16:35:35.0113 4620  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:35:35.0129 4620  BrSerWdm - ok
16:35:35.0129 4620  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:35:35.0145 4620  BrUsbMdm - ok
16:35:35.0145 4620  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:35:35.0145 4620  BrUsbSer - ok
16:35:35.0145 4620  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:35:35.0160 4620  BTHMODEM - ok
16:35:35.0176 4620  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:35:35.0191 4620  bthserv - ok
16:35:35.0207 4620  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:35:35.0223 4620  cdfs - ok
16:35:35.0269 4620  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:35:35.0285 4620  cdrom - ok
16:35:35.0316 4620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:35:35.0332 4620  CertPropSvc - ok
16:35:35.0347 4620  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:35:35.0347 4620  circlass - ok
16:35:35.0379 4620  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:35:35.0394 4620  CLFS - ok
16:35:35.0410 4620  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:35.0410 4620  clr_optimization_v2.0.50727_32 - ok
16:35:35.0457 4620  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:35:35.0457 4620  clr_optimization_v2.0.50727_64 - ok
16:35:35.0519 4620  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:35.0535 4620  clr_optimization_v4.0.30319_32 - ok
16:35:35.0566 4620  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:35:35.0581 4620  clr_optimization_v4.0.30319_64 - ok
16:35:35.0581 4620  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:35:35.0581 4620  CmBatt - ok
16:35:35.0597 4620  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:35:35.0597 4620  cmdide - ok
16:35:35.0628 4620  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:35:35.0659 4620  CNG - ok
16:35:35.0659 4620  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:35:35.0675 4620  Compbatt - ok
16:35:35.0722 4620  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:35:35.0737 4620  CompositeBus - ok
16:35:35.0737 4620  COMSysApp - ok
16:35:35.0753 4620  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:35:35.0753 4620  crcdisk - ok
16:35:35.0784 4620  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:35:35.0784 4620  CryptSvc - ok
16:35:35.0815 4620  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:35:35.0815 4620  CSC - ok
16:35:35.0862 4620  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:35:35.0878 4620  CscService - ok
16:35:35.0909 4620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:35:35.0940 4620  DcomLaunch - ok
16:35:35.0971 4620  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:35:35.0987 4620  defragsvc - ok
16:35:36.0034 4620  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:35:36.0065 4620  DfsC - ok
16:35:36.0096 4620  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:35:36.0112 4620  Dhcp - ok
16:35:36.0112 4620  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:35:36.0127 4620  discache - ok
16:35:36.0143 4620  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:35:36.0159 4620  Disk - ok
16:35:36.0190 4620  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:35:36.0190 4620  Dnscache - ok
16:35:36.0237 4620  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:35:36.0268 4620  dot3svc - ok
16:35:36.0299 4620  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:35:36.0330 4620  DPS - ok
16:35:36.0361 4620  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:35:36.0377 4620  drmkaud - ok
16:35:36.0439 4620  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:35:36.0439 4620  dtsoftbus01 - ok
16:35:36.0486 4620  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:35:36.0502 4620  DXGKrnl - ok
16:35:36.0533 4620  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
16:35:36.0533 4620  E1G60 - ok
16:35:36.0564 4620  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:35:36.0580 4620  EapHost - ok
16:35:36.0642 4620  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:35:36.0673 4620  ebdrv - ok
16:35:36.0689 4620  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:35:36.0705 4620  EFS - ok
16:35:36.0736 4620  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:35:36.0751 4620  ehRecvr - ok
16:35:36.0783 4620  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:35:36.0798 4620  ehSched - ok
16:35:36.0829 4620  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:35:36.0845 4620  elxstor - ok
16:35:36.0876 4620  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:35:36.0876 4620  ErrDev - ok
16:35:36.0923 4620  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:35:36.0954 4620  EventSystem - ok
16:35:36.0954 4620  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:35:36.0985 4620  exfat - ok
16:35:37.0001 4620  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:35:37.0032 4620  fastfat - ok
16:35:37.0095 4620  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:35:37.0110 4620  Fax - ok
16:35:37.0110 4620  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:35:37.0110 4620  fdc - ok
16:35:37.0141 4620  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:35:37.0157 4620  fdPHost - ok
16:35:37.0173 4620  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:35:37.0204 4620  FDResPub - ok
16:35:37.0204 4620  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:35:37.0204 4620  FileInfo - ok
16:35:37.0219 4620  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:35:37.0251 4620  Filetrace - ok
16:35:37.0251 4620  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:37.0251 4620  flpydisk - ok
16:35:37.0297 4620  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:35:37.0313 4620  FltMgr - ok
16:35:37.0329 4620  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
16:35:37.0344 4620  FNETTBOH_305 - ok
16:35:37.0391 4620  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
16:35:37.0391 4620  FNETURPX - ok
16:35:37.0438 4620  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
16:35:37.0453 4620  FontCache - ok
16:35:37.0485 4620  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:35:37.0500 4620  FontCache3.0.0.0 - ok
16:35:37.0500 4620  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:35:37.0500 4620  FsDepends - ok
16:35:37.0531 4620  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:35:37.0531 4620  Fs_Rec - ok
16:35:37.0578 4620  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:35:37.0594 4620  fvevol - ok
16:35:37.0625 4620  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:35:37.0641 4620  gagp30kx - ok
16:35:37.0672 4620  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:35:37.0672 4620  GEARAspiWDM - ok
16:35:37.0719 4620  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:35:37.0750 4620  gpsvc - ok
16:35:37.0765 4620  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:35:37.0781 4620  hcw85cir - ok
16:35:37.0843 4620  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:35:37.0843 4620  HdAudAddService - ok
16:35:37.0890 4620  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:35:37.0890 4620  HDAudBus - ok
16:35:37.0906 4620  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:35:37.0906 4620  HidBatt - ok
16:35:37.0906 4620  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:35:37.0921 4620  HidBth - ok
16:35:37.0921 4620  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:35:37.0937 4620  HidIr - ok
16:35:37.0953 4620  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:35:37.0968 4620  hidserv - ok
16:35:38.0031 4620  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:35:38.0031 4620  HidUsb - ok
16:35:38.0077 4620  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:35:38.0093 4620  hkmsvc - ok
16:35:38.0140 4620  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:35:38.0155 4620  HomeGroupListener - ok
16:35:38.0187 4620  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:35:38.0202 4620  HomeGroupProvider - ok
16:35:38.0249 4620  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:35:38.0249 4620  HpSAMD - ok
16:35:38.0296 4620  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:35:38.0327 4620  HTTP - ok
16:35:38.0358 4620  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:35:38.0374 4620  hwpolicy - ok
16:35:38.0405 4620  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:35:38.0405 4620  i8042prt - ok
16:35:38.0436 4620  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:35:38.0452 4620  iaStorV - ok
16:35:38.0499 4620  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:35:38.0514 4620  idsvc - ok
16:35:38.0530 4620  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:35:38.0545 4620  iirsp - ok
16:35:38.0561 4620  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:35:38.0592 4620  IKEEXT - ok
16:35:38.0670 4620  [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:35:38.0717 4620  IntcAzAudAddService - ok
16:35:38.0733 4620  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:35:38.0733 4620  intelide - ok
16:35:38.0764 4620  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:35:38.0764 4620  intelppm - ok
16:35:38.0779 4620  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:35:38.0795 4620  IPBusEnum - ok
16:35:38.0826 4620  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:38.0857 4620  IpFilterDriver - ok
16:35:38.0889 4620  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:35:38.0889 4620  iphlpsvc - ok
16:35:38.0904 4620  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:35:38.0920 4620  IPMIDRV - ok
16:35:38.0920 4620  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:35:38.0935 4620  IPNAT - ok
16:35:39.0013 4620  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:35:39.0013 4620  iPod Service - ok
16:35:39.0045 4620  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:35:39.0045 4620  IRENUM - ok
16:35:39.0091 4620  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:35:39.0091 4620  isapnp - ok
16:35:39.0123 4620  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:35:39.0123 4620  iScsiPrt - ok
16:35:39.0154 4620  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:39.0154 4620  kbdclass - ok
16:35:39.0169 4620  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:35:39.0185 4620  kbdhid - ok
16:35:39.0201 4620  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:35:39.0201 4620  KeyIso - ok
16:35:39.0232 4620  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:35:39.0232 4620  KSecDD - ok
16:35:39.0263 4620  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:35:39.0279 4620  KSecPkg - ok
16:35:39.0279 4620  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:35:39.0310 4620  ksthunk - ok
16:35:39.0325 4620  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:35:39.0357 4620  KtmRm - ok
16:35:39.0419 4620  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:35:39.0435 4620  LanmanServer - ok
16:35:39.0497 4620  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:35:39.0528 4620  LanmanWorkstation - ok
16:35:39.0559 4620  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:35:39.0591 4620  lltdio - ok
16:35:39.0606 4620  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:35:39.0637 4620  lltdsvc - ok
16:35:39.0637 4620  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:35:39.0669 4620  lmhosts - ok
16:35:39.0684 4620  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:35:39.0684 4620  LSI_FC - ok
16:35:39.0700 4620  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:35:39.0700 4620  LSI_SAS - ok
16:35:39.0715 4620  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:35:39.0731 4620  LSI_SAS2 - ok
16:35:39.0731 4620  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:35:39.0747 4620  LSI_SCSI - ok
16:35:39.0762 4620  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:35:39.0793 4620  luafv - ok
16:35:39.0825 4620  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:35:39.0840 4620  MBAMProtector - ok
16:35:39.0887 4620  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:35:39.0903 4620  MBAMScheduler - ok
16:35:39.0949 4620  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:35:39.0965 4620  MBAMService - ok
16:35:39.0981 4620  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:35:39.0996 4620  MBfilt - ok
16:35:40.0027 4620  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:35:40.0043 4620  Mcx2Svc - ok
16:35:40.0043 4620  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:35:40.0059 4620  megasas - ok
16:35:40.0074 4620  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:35:40.0074 4620  MegaSR - ok
16:35:40.0105 4620  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:35:40.0137 4620  MMCSS - ok
16:35:40.0152 4620  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:35:40.0168 4620  Modem - ok
16:35:40.0183 4620  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:35:40.0183 4620  monitor - ok
16:35:40.0199 4620  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:35:40.0199 4620  mouclass - ok
16:35:40.0215 4620  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:35:40.0230 4620  mouhid - ok
16:35:40.0246 4620  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:35:40.0261 4620  mountmgr - ok
16:35:40.0339 4620  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:35:40.0339 4620  MozillaMaintenance - ok
16:35:40.0371 4620  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:35:40.0371 4620  mpio - ok
16:35:40.0371 4620  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:35:40.0402 4620  mpsdrv - ok
16:35:40.0449 4620  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:35:40.0480 4620  MpsSvc - ok
16:35:40.0527 4620  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:35:40.0527 4620  MRxDAV - ok
16:35:40.0558 4620  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:35:40.0573 4620  mrxsmb - ok
16:35:40.0573 4620  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:35:40.0589 4620  mrxsmb10 - ok
16:35:40.0605 4620  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:35:40.0620 4620  mrxsmb20 - ok
16:35:40.0636 4620  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:35:40.0636 4620  msahci - ok
16:35:40.0651 4620  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:35:40.0667 4620  msdsm - ok
16:35:40.0683 4620  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:35:40.0683 4620  MSDTC - ok
16:35:40.0698 4620  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:35:40.0714 4620  Msfs - ok
16:35:40.0729 4620  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:35:40.0761 4620  mshidkmdf - ok
16:35:40.0792 4620  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:35:40.0792 4620  msisadrv - ok
16:35:40.0839 4620  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:35:40.0870 4620  MSiSCSI - ok
16:35:40.0870 4620  msiserver - ok
16:35:40.0885 4620  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:35:40.0917 4620  MSKSSRV - ok
16:35:40.0917 4620  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:35:40.0948 4620  MSPCLOCK - ok
16:35:40.0963 4620  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:35:40.0979 4620  MSPQM - ok
16:35:41.0026 4620  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:35:41.0026 4620  MsRPC - ok
16:35:41.0041 4620  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:35:41.0041 4620  mssmbios - ok
16:35:41.0057 4620  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:35:41.0073 4620  MSTEE - ok
16:35:41.0073 4620  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:35:41.0088 4620  MTConfig - ok
16:35:41.0104 4620  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:35:41.0104 4620  Mup - ok
16:35:41.0151 4620  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:35:41.0166 4620  napagent - ok
16:35:41.0213 4620  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:35:41.0229 4620  NativeWifiP - ok
16:35:41.0275 4620  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:35:41.0291 4620  NDIS - ok
16:35:41.0307 4620  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:35:41.0338 4620  NdisCap - ok
16:35:41.0353 4620  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:35:41.0369 4620  NdisTapi - ok
16:35:41.0400 4620  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:35:41.0416 4620  Ndisuio - ok
16:35:41.0463 4620  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:35:41.0494 4620  NdisWan - ok
16:35:41.0525 4620  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:35:41.0541 4620  NDProxy - ok
16:35:41.0572 4620  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:35:41.0587 4620  NetBIOS - ok
16:35:41.0634 4620  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:35:41.0650 4620  NetBT - ok
16:35:41.0665 4620  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:35:41.0681 4620  Netlogon - ok
16:35:41.0712 4620  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:35:41.0743 4620  Netman - ok
16:35:41.0790 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0806 4620  NetMsmqActivator - ok
16:35:41.0806 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0821 4620  NetPipeActivator - ok
16:35:41.0821 4620  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:35:41.0853 4620  netprofm - ok
16:35:41.0853 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620  NetTcpActivator - ok
16:35:41.0868 4620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620  NetTcpPortSharing - ok
16:35:41.0899 4620  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:35:41.0899 4620  nfrd960 - ok
16:35:41.0946 4620  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:35:41.0946 4620  NlaSvc - ok
16:35:41.0946 4620  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:35:41.0977 4620  Npfs - ok
16:35:41.0993 4620  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:35:42.0009 4620  nsi - ok
16:35:42.0024 4620  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:35:42.0040 4620  nsiproxy - ok
16:35:42.0102 4620  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:35:42.0133 4620  Ntfs - ok
16:35:42.0149 4620  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:35:42.0165 4620  Null - ok
16:35:42.0211 4620  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:35:42.0211 4620  nvraid - ok
16:35:42.0227 4620  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:35:42.0227 4620  nvstor - ok
16:35:42.0258 4620  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:35:42.0274 4620  nv_agp - ok
16:35:42.0305 4620  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:35:42.0321 4620  ohci1394 - ok
16:35:42.0336 4620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:35:42.0352 4620  p2pimsvc - ok
16:35:42.0367 4620  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:35:42.0383 4620  p2psvc - ok
16:35:42.0383 4620  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:35:42.0399 4620  Parport - ok
16:35:42.0430 4620  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:35:42.0430 4620  partmgr - ok
16:35:42.0445 4620  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:35:42.0461 4620  PcaSvc - ok
16:35:42.0508 4620  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:35:42.0508 4620  pci - ok
16:35:42.0523 4620  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:35:42.0539 4620  pciide - ok
16:35:42.0539 4620  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:35:42.0555 4620  pcmcia - ok
16:35:42.0555 4620  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:35:42.0555 4620  pcw - ok
16:35:42.0570 4620  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:35:42.0601 4620  PEAUTH - ok
16:35:42.0648 4620  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:35:42.0664 4620  PeerDistSvc - ok
16:35:42.0773 4620  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:35:42.0789 4620  PerfHost - ok
16:35:42.0835 4620  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:35:42.0867 4620  pla - ok
16:35:42.0945 4620  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:35:42.0960 4620  PlugPlay - ok
16:35:42.0976 4620  PnkBstrA - ok
16:35:42.0991 4620  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:35:43.0007 4620  PNRPAutoReg - ok
16:35:43.0007 4620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:35:43.0023 4620  PNRPsvc - ok
16:35:43.0038 4620  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:35:43.0069 4620  PolicyAgent - ok
16:35:43.0085 4620  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:35:43.0116 4620  Power - ok
16:35:43.0147 4620  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:35:43.0163 4620  PptpMiniport - ok
16:35:43.0179 4620  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:35:43.0179 4620  Processor - ok
16:35:43.0241 4620  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:35:43.0241 4620  ProfSvc - ok
16:35:43.0257 4620  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:35:43.0272 4620  ProtectedStorage - ok
16:35:43.0319 4620  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:35:43.0335 4620  Psched - ok
16:35:43.0366 4620  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:35:43.0381 4620  ql2300 - ok
16:35:43.0397 4620  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:35:43.0397 4620  ql40xx - ok
16:35:43.0413 4620  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:35:43.0428 4620  QWAVE - ok
16:35:43.0444 4620  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:35:43.0459 4620  QWAVEdrv - ok
16:35:43.0475 4620  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:35:43.0506 4620  RasAcd - ok
16:35:43.0537 4620  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:35:43.0569 4620  RasAgileVpn - ok
16:35:43.0584 4620  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:35:43.0615 4620  RasAuto - ok
16:35:43.0647 4620  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:35:43.0662 4620  Rasl2tp - ok
16:35:43.0709 4620  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:35:43.0740 4620  RasMan - ok
16:35:43.0740 4620  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:35:43.0771 4620  RasPppoe - ok
16:35:43.0787 4620  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:35:43.0803 4620  RasSstp - ok
16:35:43.0849 4620  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:35:43.0881 4620  rdbss - ok
16:35:43.0896 4620  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:35:43.0896 4620  rdpbus - ok
16:35:44.0005 4620  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:35:44.0037 4620  RDPCDD - ok
16:35:44.0083 4620  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:35:44.0083 4620  RDPDR - ok
16:35:44.0099 4620  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:35:44.0130 4620  RDPENCDD - ok
16:35:44.0130 4620  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:35:44.0161 4620  RDPREFMP - ok
16:35:44.0208 4620  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:35:44.0208 4620  RdpVideoMiniport - ok
16:35:44.0255 4620  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:35:44.0255 4620  RDPWD - ok
16:35:44.0302 4620  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:35:44.0302 4620  rdyboost - ok
16:35:44.0349 4620  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:35:44.0380 4620  RemoteAccess - ok
16:35:44.0380 4620  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:35:44.0411 4620  RemoteRegistry - ok
16:35:44.0442 4620  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:35:44.0458 4620  RpcEptMapper - ok
16:35:44.0489 4620  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:35:44.0489 4620  RpcLocator - ok
16:35:44.0536 4620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:35:44.0567 4620  RpcSs - ok
16:35:44.0567 4620  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:35:44.0583 4620  rspndr - ok
16:35:44.0645 4620  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:35:44.0661 4620  RTL8167 - ok
16:35:44.0692 4620  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:35:44.0692 4620  s3cap - ok
16:35:44.0707 4620  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:35:44.0707 4620  SamSs - ok
16:35:44.0754 4620  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:35:44.0754 4620  sbp2port - ok
16:35:44.0770 4620  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:35:44.0801 4620  SCardSvr - ok
16:35:44.0848 4620  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:35:44.0863 4620  scfilter - ok
16:35:44.0910 4620  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:35:44.0941 4620  Schedule - ok
16:35:44.0988 4620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:35:45.0004 4620  SCPolicySvc - ok
16:35:45.0035 4620  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:35:45.0051 4620  SDRSVC - ok
16:35:45.0066 4620  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:35:45.0082 4620  secdrv - ok
16:35:45.0129 4620  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:35:45.0144 4620  seclogon - ok
16:35:45.0160 4620  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:35:45.0191 4620  SENS - ok
16:35:45.0207 4620  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:35:45.0207 4620  SensrSvc - ok
16:35:45.0222 4620  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:35:45.0238 4620  Serenum - ok
16:35:45.0238 4620  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:35:45.0253 4620  Serial - ok
16:35:45.0269 4620  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:35:45.0285 4620  sermouse - ok
16:35:45.0331 4620  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:35:45.0347 4620  SessionEnv - ok
16:35:45.0394 4620  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:35:45.0394 4620  sffdisk - ok
16:35:45.0409 4620  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:35:45.0409 4620  sffp_mmc - ok
16:35:45.0425 4620  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:35:45.0441 4620  sffp_sd - ok
16:35:45.0456 4620  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:35:45.0456 4620  sfloppy - ok
16:35:45.0472 4620  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:35:45.0503 4620  SharedAccess - ok
16:35:45.0534 4620  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:35:45.0565 4620  ShellHWDetection - ok
16:35:45.0581 4620  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:35:45.0597 4620  SiSRaid2 - ok
16:35:45.0597 4620  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:35:45.0612 4620  SiSRaid4 - ok
16:35:45.0675 4620  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:35:45.0675 4620  SkypeUpdate - ok
16:35:45.0721 4620  [ C337738BA4BD745E0983EC6EF262798D ] SmartViewService C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
16:35:45.0737 4620  SmartViewService - ok
16:35:45.0753 4620  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:35:45.0768 4620  Smb - ok
16:35:45.0799 4620  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:35:45.0799 4620  SNMPTRAP - ok
16:35:45.0815 4620  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:35:45.0831 4620  spldr - ok
16:35:45.0862 4620  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:35:45.0877 4620  Spooler - ok
16:35:45.0971 4620  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:35:46.0018 4620  sppsvc - ok
16:35:46.0049 4620  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:35:46.0065 4620  sppuinotify - ok
16:35:46.0111 4620  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:35:46.0111 4620  srv - ok
16:35:46.0127 4620  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:35:46.0143 4620  srv2 - ok
16:35:46.0158 4620  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:35:46.0158 4620  srvnet - ok
16:35:46.0205 4620  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:35:46.0236 4620  SSDPSRV - ok
16:35:46.0236 4620  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:35:46.0267 4620  SstpSvc - ok
16:35:46.0283 4620  Steam Client Service - ok
16:35:46.0283 4620  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:35:46.0299 4620  stexstor - ok
16:35:46.0330 4620  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:35:46.0345 4620  stisvc - ok
16:35:46.0377 4620  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:35:46.0392 4620  storflt - ok
16:35:46.0408 4620  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
16:35:46.0408 4620  StorSvc - ok
16:35:46.0423 4620  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:35:46.0439 4620  storvsc - ok
16:35:46.0470 4620  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:35:46.0470 4620  swenum - ok
16:35:46.0517 4620  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:35:46.0548 4620  swprv - ok
16:35:46.0564 4620  Synth3dVsc - ok
16:35:46.0626 4620  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:35:46.0642 4620  SysMain - ok
16:35:46.0689 4620  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:35:46.0704 4620  TabletInputService - ok
16:35:46.0751 4620  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:35:46.0767 4620  TapiSrv - ok
16:35:46.0767 4620  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:35:46.0798 4620  TBS - ok
16:35:46.0860 4620  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:35:46.0891 4620  Tcpip - ok
16:35:46.0938 4620  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:35:46.0969 4620  TCPIP6 - ok
16:35:46.0985 4620  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:35:47.0001 4620  tcpipreg - ok
16:35:47.0001 4620  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:35:47.0016 4620  TDPIPE - ok
16:35:47.0032 4620  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:35:47.0032 4620  TDTCP - ok
16:35:47.0094 4620  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:35:47.0125 4620  tdx - ok
16:35:47.0141 4620  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:35:47.0141 4620  TermDD - ok
16:35:47.0188 4620  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:35:47.0219 4620  TermService - ok
16:35:47.0250 4620  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:35:47.0250 4620  Themes - ok
16:35:47.0266 4620  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:35:47.0297 4620  THREADORDER - ok
16:35:47.0313 4620  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:35:47.0344 4620  TrkWks - ok
16:35:47.0391 4620  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:35:47.0422 4620  TrustedInstaller - ok
16:35:47.0453 4620  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:35:47.0484 4620  tssecsrv - ok
16:35:47.0515 4620  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:35:47.0515 4620  TsUsbFlt - ok
16:35:47.0531 4620  tsusbhub - ok
16:35:47.0578 4620  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:35:47.0609 4620  tunnel - ok
16:35:47.0609 4620  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:35:47.0625 4620  uagp35 - ok
16:35:47.0656 4620  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:35:47.0671 4620  udfs - ok
16:35:47.0703 4620  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:35:47.0703 4620  UI0Detect - ok
16:35:47.0734 4620  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:35:47.0734 4620  uliagpkx - ok
16:35:47.0796 4620  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:35:47.0796 4620  umbus - ok
16:35:47.0843 4620  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:35:47.0843 4620  UmPass - ok
16:35:47.0874 4620  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:35:47.0874 4620  UmRdpService - ok
16:35:47.0905 4620  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:35:47.0921 4620  upnphost - ok
16:35:47.0968 4620  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:35:47.0983 4620  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:35:47.0983 4620  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:35:48.0030 4620  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:35:48.0046 4620  usbaudio - ok
16:35:48.0077 4620  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:35:48.0093 4620  usbccgp - ok
16:35:48.0124 4620  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:35:48.0124 4620  usbcir - ok
16:35:48.0139 4620  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:35:48.0139 4620  usbehci - ok
16:35:48.0186 4620  [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
16:35:48.0186 4620  usbfilter - ok
16:35:48.0202 4620  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:35:48.0217 4620  usbhub - ok
16:35:48.0233 4620  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:35:48.0233 4620  usbohci - ok
16:35:48.0280 4620  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:35:48.0295 4620  usbprint - ok
16:35:48.0327 4620  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:35:48.0342 4620  usbscan - ok
16:35:48.0358 4620  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:35:48.0358 4620  USBSTOR - ok
16:35:48.0358 4620  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:35:48.0373 4620  usbuhci - ok
16:35:48.0405 4620  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:35:48.0420 4620  usbvideo - ok
16:35:48.0436 4620  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:35:48.0467 4620  UxSms - ok
16:35:48.0483 4620  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:35:48.0483 4620  VaultSvc - ok
16:35:48.0498 4620  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:35:48.0514 4620  vdrvroot - ok
16:35:48.0545 4620  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:35:48.0576 4620  vds - ok
16:35:48.0592 4620  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:35:48.0607 4620  vga - ok
16:35:48.0623 4620  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:35:48.0639 4620  VgaSave - ok
16:35:48.0654 4620  VGPU - ok
16:35:48.0670 4620  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:35:48.0685 4620  vhdmp - ok
16:35:48.0717 4620  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:35:48.0717 4620  viaide - ok
16:35:48.0763 4620  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:35:48.0763 4620  vmbus - ok
16:35:48.0779 4620  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:35:48.0795 4620  VMBusHID - ok
16:35:48.0810 4620  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:35:48.0810 4620  volmgr - ok
16:35:48.0857 4620  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:35:48.0873 4620  volmgrx - ok
16:35:48.0919 4620  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:35:48.0919 4620  volsnap - ok
16:35:48.0966 4620  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:35:48.0966 4620  vsmraid - ok
16:35:49.0029 4620  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:35:49.0060 4620  VSS - ok
16:35:49.0060 4620  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:35:49.0075 4620  vwifibus - ok
16:35:49.0091 4620  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:35:49.0122 4620  W32Time - ok
16:35:49.0138 4620  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:35:49.0153 4620  WacomPen - ok
16:35:49.0185 4620  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0200 4620  WANARP - ok
16:35:49.0216 4620  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0247 4620  Wanarpv6 - ok
16:35:49.0278 4620  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:35:49.0309 4620  wbengine - ok
16:35:49.0325 4620  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:35:49.0341 4620  WbioSrvc - ok
16:35:49.0372 4620  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:35:49.0387 4620  wcncsvc - ok
16:35:49.0403 4620  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:35:49.0403 4620  WcsPlugInService - ok
16:35:49.0450 4620  [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
16:35:49.0465 4620  WCUService_STC_IE - ok
16:35:49.0481 4620  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:35:49.0481 4620  Wd - ok
16:35:49.0512 4620  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:35:49.0528 4620  Wdf01000 - ok
16:35:49.0559 4620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:35:49.0559 4620  WdiServiceHost - ok
16:35:49.0575 4620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:35:49.0575 4620  WdiSystemHost - ok
16:35:49.0606 4620  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:35:49.0621 4620  WebClient - ok
16:35:49.0653 4620  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:35:49.0668 4620  Wecsvc - ok
16:35:49.0684 4620  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:35:49.0715 4620  wercplsupport - ok
16:35:49.0731 4620  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:35:49.0762 4620  WerSvc - ok
16:35:49.0762 4620  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:35:49.0777 4620  WfpLwf - ok
16:35:49.0793 4620  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:35:49.0809 4620  WIMMount - ok
16:35:49.0809 4620  WinDefend - ok
16:35:49.0824 4620  WinHttpAutoProxySvc - ok
16:35:49.0871 4620  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:35:49.0887 4620  Winmgmt - ok
16:35:49.0933 4620  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:35:49.0980 4620  WinRM - ok
16:35:50.0027 4620  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:35:50.0043 4620  WinUsb - ok
16:35:50.0074 4620  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:35:50.0089 4620  Wlansvc - ok
16:35:50.0214 4620  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:35:50.0245 4620  wlidsvc - ok
16:35:50.0292 4620  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:35:50.0292 4620  WmiAcpi - ok
16:35:50.0308 4620  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:35:50.0308 4620  wmiApSrv - ok
16:35:50.0323 4620  WMPNetworkSvc - ok
16:35:50.0339 4620  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:35:50.0355 4620  WPCSvc - ok
16:35:50.0370 4620  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:35:50.0386 4620  WPDBusEnum - ok
16:35:50.0401 4620  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:35:50.0417 4620  ws2ifsl - ok
16:35:50.0433 4620  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:35:50.0448 4620  wscsvc - ok
16:35:50.0448 4620  WSearch - ok
16:35:50.0511 4620  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:35:50.0542 4620  wuauserv - ok
16:35:50.0573 4620  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:35:50.0589 4620  WudfPf - ok
16:35:50.0620 4620  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:50.0635 4620  WUDFRd - ok
16:35:50.0667 4620  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:35:50.0667 4620  wudfsvc - ok
16:35:50.0682 4620  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:35:50.0698 4620  WwanSvc - ok
16:35:50.0713 4620  ================ Scan global ===============================
16:35:50.0745 4620  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:35:50.0776 4620  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0791 4620  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0807 4620  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:35:50.0823 4620  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:35:50.0823 4620  [Global] - ok
16:35:50.0823 4620  ================ Scan MBR ==================================
16:35:50.0854 4620  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:35:51.0088 4620  \Device\Harddisk0\DR0 - ok
16:35:51.0088 4620  ================ Scan VBR ==================================
16:35:51.0088 4620  [ 88246EC84101CE5E4A53BDAEB27D73CC ] \Device\Harddisk0\DR0\Partition1
16:35:51.0088 4620  \Device\Harddisk0\DR0\Partition1 - ok
16:35:51.0088 4620  [ 72F42BCF3E62F61ED4FA550A401132D3 ] \Device\Harddisk0\DR0\Partition2
16:35:51.0088 4620  \Device\Harddisk0\DR0\Partition2 - ok
16:35:51.0088 4620  ============================================================
16:35:51.0088 4620  Scan finished
16:35:51.0088 4620  ============================================================
16:35:51.0103 0988  Detected object count: 1
16:35:51.0103 0988  Actual detected object count: 1
16:35:59.0995 0988  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:59.0995 0988  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 11.01.2013, 16:43   #6
markusg
/// Malware-holic
 



hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make
cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 11.01.2013, 17:32   #7
craphere
 



Here is the log from Combofix! I panicked at first, because the thing initially cut off every internet connection and I couldn't read anything! I'm not completely clueless with PCs, but this is beyond my horizon; I don't even come close to understanding it!

Code:
ATTFilter
ComboFix 13-01-11.01 - Lukas 11.01.2013  17:26:45.2.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.16364.13786 [GMT 1:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 16:29 . 2013-01-11 16:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-10 19:31 . 2013-01-10 19:31	--------	d-----w-	c:\programdata\HTC
2013-01-10 15:47 . 2013-01-10 15:47	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\offreg.dll
2013-01-10 15:29 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\mpengine.dll
2013-01-10 13:19 . 2013-01-10 13:19	--------	d-----w-	c:\users\Lukas\AppData\Local\Programs
2013-01-10 13:16 . 2013-01-10 13:16	2889	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2013-01-09 02:25 . 2013-01-09 02:25	--------	d-----w-	c:\program files (x86)\AC Tool
2013-01-07 09:42 . 2013-01-07 09:42	--------	d-----w-	c:\program files\iPod
2013-01-07 09:42 . 2013-01-07 09:43	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-07 09:42 . 2013-01-07 09:43	--------	d-----w-	c:\program files\iTunes
2012-12-24 10:00 . 2012-12-24 10:39	--------	d-----w-	c:\users\Lukas\AppData\Roaming\ts3overlay_hook_win64
2012-12-16 21:11 . 2012-12-16 21:12	--------	d-----w-	c:\users\Lukas\AppData\Roaming\.minecraft
2012-12-16 15:43 . 2012-12-16 15:43	--------	d-----w-	c:\users\Lukas\AppData\Roaming\rigonauts
2012-12-16 15:40 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-16 15:40 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-16 15:40 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-16 15:40 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-16 15:38 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-16 15:38 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-16 15:38 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-16 15:38 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-16 15:38 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-16 15:38 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-16 15:38 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-16 15:36 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-12-16 15:36 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-16 15:36 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-16 15:36 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-12-16 15:36 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-12-16 15:34 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-12-16 15:34 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-09-24 16:25	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-12 15:47 . 2012-12-12 15:47	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 15:47 . 2012-12-12 15:47	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-12 15:47 . 2012-12-12 15:47	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-12 15:36 . 2012-04-25 14:44	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:36 . 2012-04-25 14:44	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-09 15:45 . 2012-04-30 06:28	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 15:45 . 2012-04-30 05:09	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-09 15:45 . 2012-04-30 05:09	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-11-19 19:17 . 2012-04-30 05:09	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-18 00:46 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-18 00:45 . 2009-08-18 10:24	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 08:38 . 2012-12-16 15:35	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-16 15:35	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-16 15:35	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-13 19:56 . 2012-10-13 19:56	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 21:43 . 2012-04-24 21:43	0	----a-w-	c:\program files\nsy5591.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\data\Progamme\Steam\steam.exe" [2012-12-01 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-12-05 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-04-24 4942336]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\data\Progamme\itunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-04-25 31808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-04-24 15936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - 11670323
*NewlyCreated* - 27941410
*Deregistered* - 11670323
*Deregistered* - 27941410
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
FF - ExtSQL: 2012-12-08 21:39; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2012-12-12 17:52; ich@maltegoetz.de; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
.
- - - - Orphaned Registry Entries Removed - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2918150296-1997832558-1535474348-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,53,60,83,da,87,3b,a6,4e,1e,09,c1,88,11,9a,4e,1f,b5,d3,05,0f,
   a6,43,5b,3f,d0,77,6b,3c,4a,88,61,6e,46,1d,ea,05,d9,a3,29,2b,f3,ae,2a,37,b1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-11  17:31:03
ComboFix-quarantined-files.txt  2013-01-11 16:31
.
Pre-Run: 14 directory(ies), 470.315.966.464 bytes free
Post-Run: 15 directory(ies), 470.255.788.032 bytes free
.
- - End Of File - - 597E871DE48097FD24A8DB1D0E55E07D
         

Last edited by craphere (11.01.2013 at 17:41)
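The autostart section of the ComboFix log above (Run values and R*/S* service lines) is what a helper reads by hand to spot a lock-screen trojan's foothold. The following is an added example, not part of the original post and not ComboFix's own code, of that triage automated: it parses lines in ComboFix's format and flags entries that start from a user-writable directory or whose file is no longer on disk. The sample lines are copied from the log above plus one constructed "Updater" value under HKCU\...\Run; the heuristics and the reading of "[x]" as "file not found" are the example's assumptions. Flags are leads, not verdicts: the AODDriver4.01 line in the real log is flagged for a missing file, and the entry right below it (AODDriver4.2) shows it is most likely a stale driver registration rather than malware.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the ComboFix log in this thread, plus one
# made-up HKCU Run value ("Updater", pointing into AppData) that stands in for the
# kind of per-user autostart a lock-screen trojan leaves behind. Not real data.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\data\Progamme\Steam\steam.exe" [2012-12-01 1354736]
"Updater"="c:\users\Lukas\AppData\Roaming\abc123\update.exe" [2013-01-09 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-04-24 4942336]
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
"""

# Line shapes ComboFix uses in the autostart section (see the log above).
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_LINE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Directories an ordinary user can write to. Legitimate software mostly starts from
# Program Files or System32, so an autostart in here deserves a look (heuristic).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Entry:
    kind: str                 # "run" (registry Run value) or "service" (service/driver)
    name: str                 # value name or service name
    path: str                 # image path as printed by ComboFix
    meta: str                 # bracket content: "<date> <size>" or "x"
    origin: str               # registry key for run entries, start type (R2/S3/...) for services
    reasons: List[str] = field(default_factory=list)


def parse(log_text: str) -> List[Entry]:
    """Turn the autostart section of a ComboFix log into Entry records."""
    entries: List[Entry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            current_key = m.group("key")
        elif m := RUN_LINE.match(line):
            entries.append(Entry("run", m.group("name"), m.group("path"), m.group("meta"), current_key))
        elif m := SVC_LINE.match(line):
            entries.append(Entry("service", m.group("name"), m.group("path"), m.group("meta"), m.group("start")))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to every entry that warrants a closer look and return just those."""
    for e in entries:
        p = e.path.lower()
        if e.meta.strip() == "x":
            # Assumption: ComboFix prints [x] when the referenced file is not on disk.
            e.reasons.append("referenced file not found on disk (stale entry or deleted payload)")
        if any(marker in p for marker in USER_WRITABLE):
            e.reasons.append("starts from a user-writable directory")
    return [e for e in entries if e.reasons]


def report(hits: List[Entry]) -> str:
    """One line per flagged entry, followed by the reasons it was flagged."""
    return "\n".join(
        f"{e.kind:<8}{e.name:<16}{e.path}\n        -> {'; '.join(e.reasons)}" for e in hits
    )


if __name__ == "__main__":
    print(report(triage(parse(SAMPLE_LOG))))
```

On the real log, pasting the whole "Registry Autostart Points" section into SAMPLE_LOG would flag only AODDriver4.01 (missing file); none of the Run values in this thread start from a user-writable directory, which matches the helper moving on to cleanup of unwanted software rather than hunting for a payload.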

11.01.2013, 19:49   #8
markusg
/// Malware-holic

Hi,
download CCleaner standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall, save the list as txt, open it.
Behind every program you need, write "necessary".
Behind every program you do not need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

11.01.2013, 21:33   #9
craphere

Code:
ATTFilter
Name	Publisher	Installed	Size	Version	Label
AC Tool		09.01.2013			Necessary
Acrobat.com	Adobe Systems Incorporated	24.04.2012		1.1.377	Necessary
Adobe AIR	Adobe Systems Inc.	24.04.2012		1.0.4990	
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135	
Adobe Reader 9.5.2	Adobe Systems Incorporated	13.12.2012	103MB	9.5.2	
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	28.10.2012		11.6.8.638	
AION Free-To-Play	Gameforge	22.06.2012	22,6MB	2.70.0000	Unnecessary
AION Free-To-Play PTS	Gameforge	12.07.2012	22,6MB	3.00.0000	Unnecessary
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	23.10.2012	26,3MB	8.0.891.0	Necessary
Apple Application Support	Apple Inc.	10.12.2012	65,0MB	2.3.2	Necessary
Apple Mobile Device Support	Apple Inc.	10.12.2012	25,1MB	6.0.1.3	Necessary
Apple Software Update	Apple Inc.	27.04.2012	2,38MB	2.1.3.127	Necessary
ArcaniA – Gothic 4	Spellbound Studios	11.10.2012			Necessary
Arcania: Fall of Setarrif	Spellbound Studios	11.10.2012			Necessary
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	24.04.2012	2,22MB	1.10.1.0	Necessary
ASRock App Charger v1.0.5	ASRock Inc.	24.04.2012	1,32MB		Necessary
ASRock eXtreme Tuner v0.1.91		24.04.2012	16,6MB		Necessary
ASRock InstantBoot v1.28		24.04.2012			Unnecessary
Battlefield 3™	Electronic Arts	19.11.2012		1.4.0.0	Necessary
Battlefield Play4Free (Lukas)	EA Digital illusions	21.09.2012			Unnecessary
BattleForge™	Electronic Arts	09.07.2012	88,4MB	1.0.0.0	Unnecessary
Battlelog Web Plugins	EA Digital Illusions CE AB	20.11.2012		2.1.2	Necessary
Blacklight Retribution	Perfect World Entertainment	30.04.2012		1.00.9500	Necessary
Bonjour	Apple Inc.	27.04.2012	2,00MB	3.0.0.10	Unnecessary
Borderlands	Gearbox Software	28.07.2012			Necessary
BOSS	BOSS Development Team	04.08.2012		2.0.0	Unnecessary
BRINK	Splash Damage	14.07.2012			Necessary
Bunch Of Heroes		23.09.2012			Necessary
Castle Crashers		26.11.2012			Necessary
CCleaner	Piriform	19.12.2012		3.26	Necessary?
Cheat Engine 6.2	Dark Byte	24.06.2012	27,0MB		Unnecessary
Counter-Strike	Valve	24.04.2012			Necessary
Counter-Strike: Global Offensive Beta		15.08.2012			Necessary
Counter-Strike: Source	Valve	12.07.2012			Necessary
CryEngine(R)2 Sandbox(TM)2	Electronic Arts	08.09.2012	39,1MB	1.00.0000	Necessary
Crysis	Crytek	11.09.2012			Necessary
Crysis 2 Maximum Edition	Electronic Arts	09.09.2012			Necessary
Crysis Warhead	Crytek	10.09.2012			Necessary
DAEMON Tools Lite	DT Soft Ltd	13.10.2012		4.45.4.0314	Unnecessary
Dota 2		25.04.2012			Necessary
DUNGEONS - Steam Special Edition	Realmforge Studios	12.08.2012			Unnecessary
DUNGEONS - The Dark Lord (Steam Special Edition)		12.08.2012			Unnecessary
ESN Sonar	ESN Social Software AB	20.11.2012		0.70.4	Unknown
Fallout: New Vegas	Bethesda Softworks	14.07.2012			Unnecessary
GameSpy Comrade	GameSpy	07.09.2012	19,0MB	1.5.0.156	Unnecessary
Garry's Mod	Team Garry	12.07.2012			Necessary
Garry's Mod 13 Beta	TEAM GARRY	24.08.2012			Necessary
GIMP 2.8.2	The GIMP Team	04.09.2012	244MB	2.8.2	Unnecessary
Global Agenda	Hi-Rez Studios	26.04.2012			Necessary
Gothic		11.10.2012			Necessary
Gothic 3	Piranha Bytes	11.10.2012			Necessary
Gothic II: Gold Edition	Piranha Bytes	11.10.2012			Necessary
Grand Theft Auto IV	Rockstar	08.11.2012			Necessary
Hitman: Contracts	Eidos	11.09.2012			Unnecessary
Homefront	THQ	06.10.2012			Unnecessary
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	12.12.2012	102MB	28.0.1313.0	Necessary
Hunted: The Demon's Forge	Bethesda	15.07.2012			Necessary
Hydrophobia: Prophecy	Dark Energy Digital	04.09.2012			Necessary
iTunes	Apple Inc.	07.01.2013	189MB	11.0.1.12	Necessary
Java 7 Update 9	Oracle	12.12.2012	128MB	7.0.90	Necessary
Just Cause 2	Avalanche Studios	24.08.2012			Necessary
Killing Floor	Tripwire Interactive	29.10.2012			Necessary
Killing Floor Mod: Defence Alliance 2		29.10.2012			Necessary
LIMBO		28.12.2012			Necessary
Logitech GamePanel Software 3.03.133	Logitech Inc.	09.11.2012	53,8MB	3.03.133	Necessary
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	10.01.2013	18,4MB	1.70.0.1100	Necessary ????
Metro 2033	THQ	06.10.2012			Necessary
Microsoft .NET Framework 1.1	Microsoft	07.09.2012	34,8MB	1.1.4322	Necessary
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.01.2011	38,8MB	4.0.30319	Necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.01.2011	2,93MB	4.0.30319	Necessary
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	25.04.2012	10,6MB	4.0.30319	Necessary
Microsoft Games for Windows - LIVE	Microsoft Corporation	09.11.2012	8,31MB	3.1.186.0	Unnecessary
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	18.11.2012	31,3MB	3.5.92.0	Unnecessary
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	09.07.2012	298KB	8.0.59193	Necessary
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	11.09.2012	708KB	8.0.56336	Necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	25.04.2012	252KB	9.0.30729	Necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	24.04.2012	788KB	9.0.30729.4148	Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	12.08.2012	1,42MB	9.0.21022	Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	14.07.2012	240KB	9.0.30729	Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.04.2012	596KB	9.0.30729.4148	Necessary
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	24.04.2012	13,6MB	10.0.30319	Necessary
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	14.07.2012	11,1MB	10.0.40219	Necessary
Microsoft XNA Framework Redistributable 4.0	Microsoft Corporation	25.04.2012	9,17MB	4.0.20823.0	Necessary
Mirror's Edge	DICE	24.08.2012			Necessary
Mozilla Firefox 15.0 (x86 en-US)	Mozilla	30.08.2012	159GB	15.0	Necessary
Mozilla Maintenance Service	Mozilla	30.08.2012	327KB	15.0	Unknown
NC Launcher (GameForge)	NCsoft	22.06.2012			Unnecessary
Need For Speed™ World	Electronic Arts	09.07.2012	13,5MB	1.0.0.991	Unnecessary
Nexuiz	IllFonic	15.08.2012			Unnecessary
Nexus Mod Manager	Black Tree Gaming	04.08.2012	13,4MB	0.19.0	Unnecessary
NVIDIA PhysX	NVIDIA Corporation	30.04.2012	78,9MB	9.10.0513	Unnecessary
OpenAL		04.09.2012			Unnecessary
Origin	Electronic Arts, Inc.	18.11.2012		9.0.15.65	Necessary
Pando Media Booster	Pando Networks Inc.	29.04.2012	5,46MB	2.6.0.7	Necessary
Philips SPZ3000 Webcam	Philips	16.05.2012		2.1	Unnecessary
Philips ToUcam Fun Camera		16.05.2012			Unnecessary
Philips ToUcam Pro Camera		16.05.2012			Unnecessary
PL-2303 USB-to-Serial		23.05.2012			Unnecessary
PunkBuster Services	Even Balance, Inc.	19.11.2012		0.991	Unknown
Realm of the Mad God		31.07.2012			Unnecessary
Realtek Ethernet Controller Driver	Realtek	24.04.2012		7.44.421.2011	Necessary
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	24.04.2012		6.0.1.6378	Necessary
Rigonauts		16.12.2012			Necessary
Roll		13.10.2012			Unknown
Skype™ 6.0	Skype Technologies S.A.	22.11.2012	20,3MB	6.0.126	Necessary
SmartView for IE	DeviceVM, Inc.	24.04.2012		1.0.4.1	Unnecessary
Steam	Valve Corporation	25.04.2012	1,59MB	1.0.0.0	Necessary
Super Monday Night Combat		26.04.2012			Unnecessary
TeamSpeak 3 Client	TeamSpeak Systems GmbH	25.04.2012		3.0.6	Necessary
Terraria		25.04.2012			Necessary
The Binding of Isaac		22.06.2012			Necessary
The Elder Scrolls V: Skyrim	Bethesda Game Studios	14.07.2012			Necessary
Torchlight II		27.09.2012			Necessary
Waveform		02.09.2012			Necessary
Windows Live ID Sign-in Assistant	Microsoft Corporation	18.11.2012	10,0MB	6.500.3165.0	Unnecessary
Windows-Treiberpaket - Philips (spc999) Image  (12/14/2009 1.00.0.0000)	Philips	16.05.2012		12/14/2009 1.00.0.0000	Unknown
Windows-Treiberpaket - Philips (VM20d7) Image  (08/02/2010 300.2000.4001.07)	Philips	16.05.2012		08/02/2010 300.2000.4001.07	Unknown
Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)	Philips CL	16.05.2012		05/20/2009 1.0.5.12	Unknown
Windows-Treiberpaket - Philips USB  (12/14/2009 1.00.0.0000)	Philips	16.05.2012		12/14/2009 1.00.0.0000	Unknown (webcam driver?)
WinRAR 4.11 (64-Bit)	win.rar GmbH	25.04.2012		4.11.0	Necessary
XFastUsb		24.04.2012			Unnecessary
xrecode II 1.0.0.195		13.10.2012	24,4MB		Unknown
         

Last edited by craphere (11.01.2013 at 21:49). Reason: code tags set, additions

11.01.2013, 21:41   #10
markusg
/// Malware-holic

Why is only half of it labelled?

11.01.2013, 21:43   #11
craphere

-> edit coming...

Edit coming right away--

Done, everything should be labelled now; sorry, I had overlooked half of the instructions.

14.01.2013, 22:25   #12
craphere

Bump

15.01.2013, 21:13   #13
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you keep control over what happens on the PC.
Under JavaScript, untick the "Enable JavaScript" box.
Under Updater, select "Automatically install updates".
Apply / OK



Uninstall:
AION: all
BOSS
Cheat
DAEMON
DUNGEONS: all
ESN
Fallout:
GameSpy
GIMP
Hitman:
Homefront
Java
Download the Java JRE:
Java downloads for all operating systems
click:
Download Java software for Windows Offline
download and install.
Uninstall:
Need
NC
Nexuiz
Nexus
Philips: all
PL
Realm
SmartView
Super
Windows Live
XFastUsb
xrecode

Open CCleaner, run Analyze, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[R1].txt.
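The helper's uninstall list above is shorthand: a name prefix per line, with "all" when every program starting with that prefix is meant. Matching that against the CCleaner export posted earlier is easy to get wrong by hand (a prefix can hit more programs than intended, or none, when the list is typed from memory). The following is an added example, not from the original post and not CCleaner's or the helper's own code, of doing that matching with explicit ambiguity and no-match reporting. The export rows are copied from the list in this thread, trimmed to a handful; the "Gothic" line in the uninstall list is a constructed extra that the helper did not ask for, included only to exercise the ambiguous branch, and GIMP is deliberately left out of the sample export to exercise the unmatched branch.

```python
from typing import Dict, List, Tuple

# Constructed sample in the tab-separated layout of CCleaner's uninstall-list export
# (name, publisher, install date, size, version); rows taken from the list posted
# in this thread, trimmed to a handful.
SAMPLE_EXPORT = "\n".join([
    "Adobe Flash Player 11 Plugin\tAdobe Systems Incorporated\t12.12.2012\t6,00MB\t11.5.502.135",
    "AION Free-To-Play\tGameforge\t22.06.2012\t22,6MB\t2.70.0000",
    "AION Free-To-Play PTS\tGameforge\t12.07.2012\t22,6MB\t3.00.0000",
    "Cheat Engine 6.2\tDark Byte\t24.06.2012\t27,0MB\t",
    "DAEMON Tools Lite\tDT Soft Ltd\t13.10.2012\t\t4.45.4.0314",
    "Gothic\t\t11.10.2012\t\t",
    "Gothic 3\tPiranha Bytes\t11.10.2012\t\t",
    "Java 7 Update 9\tOracle\t12.12.2012\t128MB\t7.0.90",
    "Need For Speed\u2122 World\tElectronic Arts\t09.07.2012\t13,5MB\t1.0.0.991",
    "Nexuiz\tIllFonic\t15.08.2012\t\t",
    "Nexus Mod Manager\tBlack Tree Gaming\t04.08.2012\t13,4MB\t0.19.0",
    "Philips SPZ3000 Webcam\tPhilips\t16.05.2012\t\t2.1",
    "Philips ToUcam Pro Camera\t\t16.05.2012\t\t",
    "Steam\tValve Corporation\t25.04.2012\t1,59MB\t1.0.0.0",
])

# The helper's shorthand from the post above: one name prefix per line, with a trailing
# "all" (or German "alle", with or without a colon) when every program that starts with
# the prefix is meant. "Gothic" is a constructed extra line, added only to show the
# ambiguous case; the helper did not ask for it.
UNINSTALL_LIST = """\
Adobe Flash Player all
AION: all
Cheat
DAEMON
GIMP
Java
Need
Nexuiz
Nexus
Philips: all
Gothic
"""

COLUMNS = ("name", "publisher", "installed", "size", "version")


def parse_export(text: str) -> List[Dict[str, str]]:
    """Parse the tab-separated export; short rows are padded, long rows truncated."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = (line.split("\t") + [""] * len(COLUMNS))[:len(COLUMNS)]
        rows.append(dict(zip(COLUMNS, cols)))
    return rows


def parse_uninstall_list(text: str) -> List[Tuple[str, bool]]:
    """Return (prefix, want_all) pairs. A lone trailing colon ("Fallout:") stays part of the prefix."""
    items = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        want_all = len(words) > 1 and words[-1].lower() in ("all", "alle")
        prefix = " ".join(words[:-1]).rstrip(" :") if want_all else " ".join(words)
        items.append((prefix, want_all))
    return items


def resolve(rows: List[Dict[str, str]], items: List[Tuple[str, bool]]) -> Dict[str, object]:
    """Map each prefix to installed program names (case-insensitive prefix match).

    A prefix that matches several programs without "all" is reported as ambiguous
    rather than silently removing everything; a prefix with no match is reported
    so the list can be checked against what is really installed.
    """
    uninstall: List[str] = []
    ambiguous: Dict[str, List[str]] = {}
    unmatched: List[str] = []
    for prefix, want_all in items:
        matches = [r["name"] for r in rows if r["name"].lower().startswith(prefix.lower())]
        if not matches:
            unmatched.append(prefix)
        elif len(matches) > 1 and not want_all:
            ambiguous[prefix] = matches
        else:
            uninstall.extend(matches)
    return {"uninstall": uninstall, "ambiguous": ambiguous, "unmatched": unmatched}


if __name__ == "__main__":
    result = resolve(parse_export(SAMPLE_EXPORT), parse_uninstall_list(UNINSTALL_LIST))
    for key in ("uninstall", "ambiguous", "unmatched"):
        print(f"{key}: {result[key]}")
```

Prefix matching is deliberately conservative: "Nexus" does not swallow "Nexuiz", and a prefix without "all" that hits two programs is handed back for a decision instead of being acted on.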

16.01.2013, 22:07   #14
craphere

Here is the log from AdwCleaner



Code:
ATTFilter
# AdwCleaner v2.105 - File created 16/01/2013 at 22:06:53
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Lukas - LUKASTOWER
# Boot mode : Normal
# Running from : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

File : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [963 octets] - [16/01/2013 22:06:53]

########## EOF - C:\AdwCleaner[R1].txt - [1022 octets] ##########
         

16.01.2013, 22:11   #15
markusg
/// Malware-holic

Hi,


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, depending on the severity of the infection possibly several times; that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log at C:\AdwCleaner[Sx].txt (x = sequential number).

Restart, then please test how the PC and programs such as the browser are running.
