
Log analysis and evaluation: various Trojans (incl. Bundespolizei)

24.03.2012, 23:23   #1
Kijera
 

Hello Trojaner-Board,

I seem to have more or less a few Trojans on board.
First off: operating system: Vista 64-bit.
The most annoying one showed itself today... the Bundespolizei Trojan wanted 100 euros via Paysafecard or some other rubbish.
At first my Task Manager did not work at all... by now it opens but closes again on its own, the Windows Firewall can no longer be switched on, my keyboard settings are now at the top of the screen and can no longer be dragged into the taskbar, and Malwarebytes has now found infected files for the 2nd time in a row.
In addition, arbitrary pages are opened when I click a link on Google (I have had that for a while).
My browsers also run very slowly until the message appears that the DNS client has crashed. After that they are as fast as usual again and no longer need ~30 sec. to load a page.
I am running Malwarebytes right now -- I will post 2 logs as attachments.

I really hope you can help me with this. The PC has to hold out until Easter :/.
Attached files
File type: txt mbam-log-2012-03-24 (21-31-40).txt (2.3 KB, viewed 170 times)
File type: txt mbam-log-2012-03-24 (23-20-20).txt (2.7 KB, viewed 150 times)

25.03.2012, 13:53   #2
Swisstreasure
/// Malwareteam
 

A cleanup can mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. Attachments make the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Please download TDSSKiller.exe and save the file to the desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your antivirus software.
  • Start TDSSKiller.exe with a double-click.
    Vista and Win7 users: right-click and "Run as administrator"
  • Press Start scan.
    Do not do anything on the computer during the scan.
    1. If the tool reports no findings, click Close to close it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects, with 3 options to choose from.
      Make sure that Cure (default) is checked! Press Continue --> Reboot.
  • After the restart, the log file can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
  • Please post the contents here in your thread.
Illustrated guide to using TDSSKiller.

Step 2

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
NOT AS AN ATTACHMENT BUT DIRECTLY IN THE THREAD.
__________________


25.03.2012, 19:51   #3
Kijera
 

Here is the TDSSKiller file... OTL will follow shortly

19:39:29.0269 3728 nvstor - ok
19:39:29.0331 3728 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
19:39:29.0347 3728 nvsvc - ok
19:39:29.0409 3728 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:39:29.0471 3728 nvUpdatusService - ok
19:39:29.0503 3728 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:39:29.0503 3728 nv_agp - ok
19:39:29.0503 3728 NwlnkFlt - ok
19:39:29.0518 3728 NwlnkFwd - ok
19:39:29.0596 3728 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:39:29.0596 3728 odserv - ok
19:39:29.0643 3728 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:39:29.0643 3728 ohci1394 - ok
19:39:29.0705 3728 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:39:29.0705 3728 ose - ok
19:39:29.0752 3728 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:39:29.0752 3728 p2pimsvc - ok
19:39:29.0768 3728 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:39:29.0783 3728 p2psvc - ok
19:39:29.0830 3728 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
19:39:29.0830 3728 Parport - ok
19:39:29.0861 3728 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:39:29.0861 3728 partmgr - ok
19:39:29.0893 3728 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
19:39:29.0893 3728 PcaSvc - ok
19:39:29.0908 3728 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:39:29.0924 3728 pci - ok
19:39:29.0939 3728 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
19:39:29.0939 3728 pciide - ok
19:39:29.0971 3728 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:39:29.0971 3728 pcmcia - ok
19:39:30.0017 3728 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:39:30.0017 3728 PEAUTH - ok
19:39:30.0064 3728 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
19:39:30.0064 3728 PerfHost - ok
19:39:30.0111 3728 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
19:39:30.0127 3728 pla - ok
19:39:30.0158 3728 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
19:39:30.0173 3728 PlugPlay - ok
19:39:30.0205 3728 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
19:39:30.0205 3728 Pml Driver HPZ12 - ok
19:39:30.0251 3728 PnkBstrA - ok
19:39:30.0298 3728 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:39:30.0298 3728 PNRPAutoReg - ok
19:39:30.0329 3728 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:39:30.0329 3728 PNRPsvc - ok
19:39:30.0361 3728 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
19:39:30.0376 3728 PolicyAgent - ok
19:39:30.0423 3728 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:39:30.0423 3728 PptpMiniport - ok
19:39:30.0470 3728 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:39:30.0470 3728 Processor - ok
19:39:30.0501 3728 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
19:39:30.0501 3728 ProfSvc - ok
19:39:30.0517 3728 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:39:30.0517 3728 ProtectedStorage - ok
19:39:30.0548 3728 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:39:30.0548 3728 PSched - ok
19:39:30.0595 3728 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:39:30.0610 3728 ql2300 - ok
19:39:30.0626 3728 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:39:30.0641 3728 ql40xx - ok
19:39:30.0673 3728 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
19:39:30.0673 3728 QWAVE - ok
19:39:30.0688 3728 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:39:30.0688 3728 QWAVEdrv - ok
19:39:30.0704 3728 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:39:30.0704 3728 RasAcd - ok
19:39:30.0735 3728 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
19:39:30.0735 3728 RasAuto - ok
19:39:30.0751 3728 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:30.0751 3728 Rasl2tp - ok
19:39:30.0782 3728 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
19:39:30.0782 3728 RasMan - ok
19:39:30.0813 3728 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:30.0813 3728 RasPppoe - ok
19:39:30.0844 3728 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:39:30.0844 3728 RasSstp - ok
19:39:30.0875 3728 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:39:30.0891 3728 rdbss - ok
19:39:30.0907 3728 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:30.0907 3728 RDPCDD - ok
19:39:30.0938 3728 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:39:30.0938 3728 rdpdr - ok
19:39:30.0985 3728 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:39:30.0985 3728 RDPENCDD - ok
19:39:31.0016 3728 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
19:39:31.0016 3728 RDPWD - ok
19:39:31.0047 3728 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
19:39:31.0047 3728 RemoteAccess - ok
19:39:31.0063 3728 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
19:39:31.0078 3728 RemoteRegistry - ok
19:39:31.0078 3728 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
19:39:31.0094 3728 RpcLocator - ok
19:39:31.0125 3728 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:39:31.0125 3728 RpcSs - ok
19:39:31.0141 3728 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:39:31.0141 3728 rspndr - ok
19:39:31.0187 3728 RTL8169 (479f29909b9a48726a07971662f77316) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:39:31.0187 3728 RTL8169 - ok
19:39:31.0219 3728 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:39:31.0219 3728 SamSs - ok
19:39:31.0234 3728 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:39:31.0234 3728 sbp2port - ok
19:39:31.0312 3728 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:39:31.0328 3728 SBSDWSCService - ok
19:39:31.0359 3728 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
19:39:31.0359 3728 SCardSvr - ok
19:39:31.0390 3728 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
19:39:31.0406 3728 Schedule - ok
19:39:31.0421 3728 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:39:31.0421 3728 SCPolicySvc - ok
19:39:31.0453 3728 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
19:39:31.0453 3728 SDRSVC - ok
19:39:31.0484 3728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:39:31.0484 3728 secdrv - ok
19:39:31.0499 3728 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
19:39:31.0499 3728 seclogon - ok
19:39:31.0515 3728 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
19:39:31.0515 3728 SENS - ok
19:39:31.0546 3728 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:39:31.0546 3728 Serenum - ok
19:39:31.0562 3728 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:39:31.0577 3728 Serial - ok
19:39:31.0577 3728 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:39:31.0577 3728 sermouse - ok
19:39:31.0609 3728 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
19:39:31.0609 3728 SessionEnv - ok
19:39:31.0624 3728 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:39:31.0624 3728 sffdisk - ok
19:39:31.0655 3728 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:39:31.0655 3728 sffp_mmc - ok
19:39:31.0671 3728 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:39:31.0671 3728 sffp_sd - ok
19:39:31.0687 3728 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:39:31.0702 3728 sfloppy - ok
19:39:31.0733 3728 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
19:39:31.0749 3728 SharedAccess - ok
19:39:31.0780 3728 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
19:39:31.0796 3728 ShellHWDetection - ok
19:39:31.0811 3728 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:39:31.0811 3728 SiSRaid2 - ok
19:39:31.0843 3728 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:39:31.0843 3728 SiSRaid4 - ok
19:39:31.0921 3728 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
19:39:31.0967 3728 slsvc - ok
19:39:31.0999 3728 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
19:39:31.0999 3728 SLUINotify - ok
19:39:32.0030 3728 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:39:32.0045 3728 Smb - ok
19:39:32.0092 3728 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
19:39:32.0092 3728 SNMPTRAP - ok
19:39:32.0155 3728 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:39:32.0170 3728 Sony Ericsson PCCompanion - ok
19:39:32.0201 3728 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:39:32.0201 3728 spldr - ok
19:39:32.0248 3728 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
19:39:32.0264 3728 Spooler - ok
19:39:32.0295 3728 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:39:32.0295 3728 srv - ok
19:39:32.0326 3728 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:39:32.0326 3728 srv2 - ok
19:39:32.0357 3728 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:39:32.0357 3728 srvnet - ok
19:39:32.0373 3728 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
19:39:32.0389 3728 SSDPSRV - ok
19:39:32.0404 3728 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
19:39:32.0420 3728 SstpSvc - ok
19:39:32.0435 3728 Steam Client Service - ok
19:39:32.0498 3728 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:39:32.0513 3728 Stereo Service - ok
19:39:32.0545 3728 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
19:39:32.0560 3728 stisvc - ok
19:39:32.0591 3728 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:39:32.0591 3728 swenum - ok
19:39:32.0654 3728 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
19:39:32.0669 3728 swprv - ok
19:39:32.0685 3728 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:39:32.0685 3728 Symc8xx - ok
19:39:32.0716 3728 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:39:32.0716 3728 Sym_hi - ok
19:39:32.0763 3728 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:39:32.0763 3728 Sym_u3 - ok
19:39:32.0825 3728 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
19:39:32.0841 3728 SysMain - ok
19:39:32.0857 3728 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
19:39:32.0872 3728 TabletInputService - ok
19:39:32.0903 3728 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
19:39:32.0903 3728 TapiSrv - ok
19:39:32.0919 3728 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
19:39:32.0919 3728 TBS - ok
19:39:32.0966 3728 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
19:39:32.0981 3728 Tcpip - ok
19:39:33.0013 3728 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
19:39:33.0028 3728 Tcpip6 - ok
19:39:33.0059 3728 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
19:39:33.0059 3728 tcpipreg - ok
19:39:33.0075 3728 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:39:33.0075 3728 TDPIPE - ok
19:39:33.0106 3728 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:39:33.0106 3728 TDTCP - ok
19:39:33.0122 3728 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:39:33.0122 3728 tdx - ok
19:39:33.0153 3728 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:39:33.0153 3728 TermDD - ok
19:39:33.0184 3728 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
19:39:33.0184 3728 TermService - ok
19:39:33.0231 3728 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
19:39:33.0231 3728 Themes - ok
19:39:33.0262 3728 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:39:33.0262 3728 THREADORDER - ok
19:39:33.0293 3728 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
19:39:33.0293 3728 TrkWks - ok
19:39:33.0340 3728 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
19:39:33.0340 3728 TrustedInstaller - ok
19:39:33.0371 3728 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:33.0371 3728 tssecsrv - ok
19:39:33.0403 3728 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:39:33.0418 3728 tunmp - ok
19:39:33.0465 3728 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:39:33.0465 3728 tunnel - ok
19:39:33.0496 3728 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:39:33.0496 3728 uagp35 - ok
19:39:33.0527 3728 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:39:33.0543 3728 udfs - ok
19:39:33.0574 3728 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
19:39:33.0574 3728 UI0Detect - ok
19:39:33.0590 3728 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:39:33.0590 3728 uliagpkx - ok
19:39:33.0621 3728 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:39:33.0621 3728 uliahci - ok
19:39:33.0652 3728 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:39:33.0652 3728 UlSata - ok
19:39:33.0683 3728 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:39:33.0683 3728 ulsata2 - ok
19:39:33.0715 3728 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:39:33.0715 3728 umbus - ok
19:39:33.0746 3728 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
19:39:33.0746 3728 upnphost - ok
19:39:33.0777 3728 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:39:33.0777 3728 USBAAPL64 - ok
19:39:33.0824 3728 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:33.0824 3728 usbccgp - ok
19:39:33.0839 3728 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:39:33.0839 3728 usbcir - ok
19:39:33.0886 3728 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:39:33.0902 3728 usbehci - ok
19:39:33.0949 3728 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:39:33.0949 3728 usbhub - ok
19:39:33.0980 3728 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:39:33.0980 3728 usbohci - ok
19:39:34.0027 3728 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:39:34.0027 3728 usbprint - ok
19:39:34.0089 3728 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
19:39:34.0089 3728 usbscan - ok
19:39:34.0105 3728 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:34.0105 3728 USBSTOR - ok
19:39:34.0136 3728 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:34.0136 3728 usbuhci - ok
19:39:34.0167 3728 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
19:39:34.0167 3728 UxSms - ok
19:39:34.0198 3728 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
19:39:34.0214 3728 vds - ok
19:39:34.0245 3728 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:34.0245 3728 vga - ok
19:39:34.0261 3728 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:39:34.0261 3728 VgaSave - ok
19:39:34.0292 3728 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:39:34.0292 3728 viaide - ok
19:39:34.0307 3728 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:39:34.0307 3728 volmgr - ok
19:39:34.0339 3728 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:39:34.0354 3728 volmgrx - ok
19:39:34.0370 3728 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:39:34.0370 3728 volsnap - ok
19:39:34.0401 3728 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:39:34.0401 3728 vsmraid - ok
19:39:34.0448 3728 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
19:39:34.0479 3728 VSS - ok
19:39:34.0495 3728 vtany - ok
19:39:34.0526 3728 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
19:39:34.0541 3728 W32Time - ok
19:39:34.0557 3728 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:39:34.0557 3728 WacomPen - ok
19:39:34.0604 3728 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:34.0604 3728 Wanarp - ok
19:39:34.0604 3728 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:34.0604 3728 Wanarpv6 - ok
19:39:34.0635 3728 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
19:39:34.0651 3728 wcncsvc - ok
19:39:34.0682 3728 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
19:39:34.0682 3728 WcsPlugInService - ok
19:39:34.0697 3728 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:39:34.0697 3728 Wd - ok
19:39:34.0729 3728 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:39:34.0744 3728 Wdf01000 - ok
19:39:34.0760 3728 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:39:34.0760 3728 WdiServiceHost - ok
19:39:34.0775 3728 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:39:34.0775 3728 WdiSystemHost - ok
19:39:34.0791 3728 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
19:39:34.0791 3728 WebClient - ok
19:39:34.0822 3728 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
19:39:34.0838 3728 Wecsvc - ok
19:39:34.0853 3728 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
19:39:34.0853 3728 wercplsupport - ok
19:39:34.0869 3728 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
19:39:34.0869 3728 WerSvc - ok
19:39:34.0916 3728 WinDefend - ok
19:39:34.0916 3728 WinHttpAutoProxySvc - ok
19:39:34.0978 3728 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
19:39:34.0994 3728 Winmgmt - ok
19:39:35.0072 3728 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
19:39:35.0103 3728 WinRM - ok
19:39:35.0150 3728 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
19:39:35.0165 3728 Wlansvc - ok
19:39:35.0197 3728 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:39:35.0197 3728 WmiAcpi - ok
19:39:35.0228 3728 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
19:39:35.0228 3728 wmiApSrv - ok
19:39:35.0259 3728 WMPNetworkSvc - ok
19:39:35.0290 3728 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
19:39:35.0306 3728 WPCSvc - ok
19:39:35.0337 3728 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
19:39:35.0337 3728 WPDBusEnum - ok
19:39:35.0368 3728 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:39:35.0368 3728 WpdUsb - ok
19:39:35.0477 3728 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:39:35.0493 3728 WPFFontCache_v0400 - ok
19:39:35.0524 3728 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:39:35.0524 3728 ws2ifsl - ok
19:39:35.0555 3728 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
19:39:35.0555 3728 wscsvc - ok
19:39:35.0571 3728 WSearch - ok
19:39:35.0649 3728 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
19:39:35.0680 3728 wuauserv - ok
19:39:35.0711 3728 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:35.0711 3728 WUDFRd - ok
19:39:35.0743 3728 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
19:39:35.0758 3728 wudfsvc - ok
19:39:35.0836 3728 X6va001 - ok
19:39:35.0852 3728 X6va002 - ok
19:39:35.0867 3728 X6va003 - ok
19:39:35.0883 3728 X6va005 - ok
19:39:35.0899 3728 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
19:39:35.0930 3728 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
19:39:35.0930 3728 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
19:39:35.0930 3728 Boot (0x1200) (36be430ea7a868aacbe2cbbe340d6a41) \Device\Harddisk0\DR0\Partition0
19:39:35.0945 3728 \Device\Harddisk0\DR0\Partition0 - ok
19:39:35.0945 3728 ============================================================
19:39:35.0945 3728 Scan finished
19:39:35.0945 3728 ============================================================
19:39:35.0961 1540 Detected object count: 1
19:39:35.0961 1540 Actual detected object count: 1
19:40:00.0937 1540 \Device\Harddisk0\DR0\# - copied to quarantine
19:40:00.0937 1540 \Device\Harddisk0\DR0 - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
19:40:00.0968 1540 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
19:40:00.0983 1540 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
19:40:01.0030 1540 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
19:40:01.0030 1540 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
19:40:01.0061 1540 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
19:40:01.0077 1540 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
19:40:01.0093 1540 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
19:40:01.0093 1540 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
19:40:01.0093 1540 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
19:40:01.0171 1540 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
19:40:01.0171 1540 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
19:40:01.0171 1540 \Device\Harddisk0\DR0 - ok
19:40:01.0186 1540 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
19:40:03.0682 3924 Deinitialize success

Alt 25.03.2012, 20:20   #4
Kijera
 

OTL.Txt is full of Japanese(?) characters in the middle and cannot be pasted here ----> here it is without the characters that come after "O1 - Hosts:".

OTL Logfile:
Code:
OTL logfile created on: 25.03.2012 19:53:20 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,76% Memory free
4,23 Gb Paging File | 2,99 Gb Available in Paging File | 70,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 267,03 Gb Free Space | 44,79% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 19:51:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.30 18:51:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.05 02:14:58 | 011,932,968 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.30 18:51:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.19 00:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.25 23:04:56 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.18 23:47:30 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.12.18 23:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.12.18 23:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.12.18 23:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.25 10:46:52 | 000,150,016 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2009.03.05 10:56:57 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 52 69 E3 24 07 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EF502BDC-8414-4D05-8929-D634B0873592}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EF502BDC-8414-4D05-8929-D634B0873592}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 18:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.18 17:50:10 | 000,000,000 | ---D | M]
 
[2009.06.20 19:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2012.01.06 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions
[2011.10.22 02:57:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 13:37:41 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\keyscrambler@qfx.software.corporation
[2011.10.22 02:57:20 | 000,000,000 | ---D | M] ("Undo Detach Tab") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\undodetachtab@alice0775
[2012.02.18 17:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6AH6H4JS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.17 18:16:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\
 
O1 HOSTS File: ([2012.02.18 17:58:56 | 000,439,137 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts:
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michael\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michael\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E816D11-4E0D-46C5-B8E1-EE3EABC8F384}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 19:51:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012.03.25 19:40:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.25 19:32:24 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2012.03.23 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla-Cache
[2012.03.23 20:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.03.23 20:31:07 | 000,000,000 | ---D | C] -- C:\Programs
[2012.03.18 01:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.29 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Praktikum ;)
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 19:51:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012.03.25 19:49:18 | 001,451,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.25 19:49:18 | 000,630,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.25 19:49:18 | 000,597,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.25 19:49:18 | 000,127,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.25 19:49:18 | 000,104,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.25 19:41:42 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:41:40 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 19:41:24 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 19:40:05 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002Core.job
[2012.03.25 19:32:22 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2012.03.25 19:31:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002UA.job
[2012.03.24 22:07:31 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.03.24 19:58:37 | 000,000,876 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk
[2012.03.24 13:35:34 | 316,789,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.23 20:32:25 | 000,001,643 | ---- | M] () -- C:\Users\Michael\Desktop\PartyPoker.lnk
[2012.03.18 01:49:25 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.16 23:13:43 | 000,403,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.06 01:33:22 | 000,070,656 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.05 22:34:33 | 012,662,795 | ---- | M] () -- C:\Users\Michael\Desktop\Egosoft.rar
[2012.02.29 01:08:12 | 003,945,496 | ---- | M] () -- C:\Users\Michael\Desktop\Olly Murs Feat. Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3
[2012.02.29 01:07:57 | 003,930,472 | ---- | M] () -- C:\Users\Michael\Desktop\Cleaning Out My Closet-Eminem.mp3
[2012.02.29 01:07:35 | 003,054,212 | ---- | M] () -- C:\Users\Michael\Desktop\Milow Ayo Technology lyrics.mp3
[2012.02.29 01:07:11 | 004,456,718 | ---- | M] () -- C:\Users\Michael\Desktop\Cro - Easy Lyrics Full HD.mp3
[2012.02.29 01:06:46 | 004,457,956 | ---- | M] () -- C:\Users\Michael\Desktop\Taio Cruz Troublemaker.mp3
[2012.02.29 01:06:23 | 003,816,010 | ---- | M] () -- C:\Users\Michael\Desktop\Eminem- Lose Yourself.mp3
[2012.02.29 01:06:01 | 004,208,330 | ---- | M] () -- C:\Users\Michael\Desktop\Eminem - Like toy soldiers.mp3
[2012.02.29 01:05:36 | 007,201,420 | ---- | M] () -- C:\Users\Michael\Desktop\prinz pi - stan.mp3
[2012.02.29 01:05:01 | 004,810,449 | ---- | M] () -- C:\Users\Michael\Desktop\KOLLEGAH - 1001 NACHT.mp3
[2012.02.27 01:04:04 | 000,002,622 | ---- | M] () -- C:\Users\Michael\Desktop\1-8087097-6617-t.jpg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 22:07:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.24 19:58:37 | 000,000,876 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk
[2012.03.23 20:32:25 | 000,001,643 | ---- | C] () -- C:\Users\Michael\Desktop\PartyPoker.lnk
[2012.03.18 01:49:25 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.05 22:31:19 | 012,662,795 | ---- | C] () -- C:\Users\Michael\Desktop\Egosoft.rar
[2012.02.29 01:07:58 | 003,945,496 | ---- | C] () -- C:\Users\Michael\Desktop\Olly Murs Feat. Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3
[2012.02.29 01:07:37 | 003,930,472 | ---- | C] () -- C:\Users\Michael\Desktop\Cleaning Out My Closet-Eminem.mp3
[2012.02.29 01:07:17 | 003,054,212 | ---- | C] () -- C:\Users\Michael\Desktop\Milow Ayo Technology lyrics.mp3
[2012.02.29 01:06:55 | 004,456,718 | ---- | C] () -- C:\Users\Michael\Desktop\Cro - Easy Lyrics Full HD.mp3
[2012.02.29 01:06:26 | 004,457,956 | ---- | C] () -- C:\Users\Michael\Desktop\Taio Cruz Troublemaker.mp3
[2012.02.29 01:06:03 | 003,816,010 | ---- | C] () -- C:\Users\Michael\Desktop\Eminem- Lose Yourself.mp3
[2012.02.29 01:05:37 | 004,208,330 | ---- | C] () -- C:\Users\Michael\Desktop\Eminem - Like toy soldiers.mp3
[2012.02.29 01:05:04 | 007,201,420 | ---- | C] () -- C:\Users\Michael\Desktop\prinz pi - stan.mp3
[2012.02.29 01:04:33 | 004,810,449 | ---- | C] () -- C:\Users\Michael\Desktop\KOLLEGAH - 1001 NACHT.mp3
[2012.02.27 01:03:40 | 000,002,622 | ---- | C] () -- C:\Users\Michael\Desktop\1-8087097-6617-t.jpg
[2011.12.19 22:36:10 | 000,000,163 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PLGComp.ini
[2011.11.05 18:44:52 | 000,051,186 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room_v3.dat
[2011.10.30 18:51:29 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.23 02:24:15 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011.10.22 03:33:38 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.08 18:05:55 | 000,017,408 | ---- | C] () -- C:\Users\Michael\AppData\Local\WebpageIcons.db
[2011.04.15 21:43:15 | 000,046,658 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room.dat
[2010.11.21 12:38:18 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.11.21 12:38:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.12 23:54:46 | 000,138,880 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== LOP Check ==========
 
[2011.10.10 00:21:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2011.10.22 02:57:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAoC Portal
[2011.07.21 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.04.13 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.06.26 12:54:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Electronic Arts
[2011.08.28 14:43:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FOG Downloader
[2011.02.05 21:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FVZilla
[2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2010.11.13 22:13:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Image Zone Express
[2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IrfanView
[2012.01.17 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LibreOffice
[2010.07.20 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient
[2009.11.27 14:54:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.07.25 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Miranda
[2011.01.02 00:49:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mumble
[2010.12.20 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011.07.30 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Octoshape
[2009.12.06 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2011.09.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Opera
[2009.06.20 15:45:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.11.13 22:08:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Printer Info Cache
[2011.10.22 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QFX Software
[2011.02.05 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RayV
[2011.07.28 16:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2011.11.21 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2012.03.25 19:40:27 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.10.23 02:36:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.10.15 01:05:19 | 000,000,000 | ---D | M] -- C:\5df39368baf6cd41c05ebaedf05f
[2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\83eaa1e121a24b94c433c460
[2009.06.20 19:11:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.08.13 18:05:16 | 000,000,000 | ---D | M] -- C:\CFLog
[2012.02.19 01:25:15 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\Dark Age of Camelot - Catacombs
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.03.17 15:53:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.06 16:50:53 | 000,000,000 | ---D | M] -- C:\downloads
[2010.07.19 02:56:03 | 000,000,000 | ---D | M] -- C:\FavoriteVideo
[2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\Fraps
[2009.03.05 11:01:21 | 000,000,000 | ---D | M] -- C:\Intel
[2009.12.06 17:10:34 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.06.20 20:34:54 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.10 21:50:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.24 18:26:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.24 22:07:31 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.03.17 15:53:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.23 20:31:07 | 000,000,000 | ---D | M] -- C:\Programs
[2011.07.21 15:05:47 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.03.25 19:55:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 19:40:00 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.03.25 23:04:56 | 000,000,000 | ---D | M] -- C:\Temp
[2011.10.23 02:58:47 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.24 13:35:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2010.02.06 15:24:58 | 000,004,608 | ---- | M] () MD5=F1F87C4F938BC890F04FA4C538C2D522 -- C:\Users\Michael\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v40266245\Native\STUBEXE\@SYSTEM@\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
--- --- ---

25.03.2012, 20:21   #5
Kijera

Various trojans (incl. Bundespolizei)

Extras.Txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.03.2012 19:53:20 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,76% Memory free
4,23 Gb Paging File | 2,99 Gb Available in Paging File | 70,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 267,03 Gb Free Space | 44,79% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 55 BE 6D 49 CA F1 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-1002]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1999053676-3161577315-4271355828-501]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122A46A-0CB8-4241-853E-8C0E42AA9169}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{056DE134-E524-47BE-857E-B212997B5A8B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{09E6DA8B-7B1A-4530-A83C-964349700C2D}" = lport=28013 | protocol=6 | dir=in | name=s4 league port 4 | 
"{0D28B7D0-34A5-46AF-AE61-8DB7B6A326C6}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | 
"{0F6A8CBF-1E9D-4341-898B-A5CAB9E128D8}" = lport=6981 | protocol=17 | dir=in | name=league of legends launcher | 
"{102D10EE-8582-44FF-8D63-A71ED29CAA4B}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher | 
"{154E7244-092A-43B8-B77E-A84304DF27C4}" = lport=28012 | protocol=6 | dir=in | name=s4 league port 3 | 
"{22D7D41E-BEA6-43C1-9512-78BFEC5405B4}" = lport=6112 | protocol=6 | dir=in | name=wc3 battle net | 
"{28016EDF-C985-48F5-B936-1817AD058540}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{28D10880-06F6-47BC-9E5C-DC8087240855}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{2A1FB43E-C501-4601-8B1F-3F621BCC024C}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{41C1DACE-AC04-459F-BBB0-B537A13B7066}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher | 
"{490F5FD4-B136-4F72-B8E1-2630D7C27C53}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher | 
"{52E13312-6177-46B9-B9D7-84526D46A478}" = lport=28002 | protocol=6 | dir=in | name=s4 league port 1 | 
"{57C84A46-C87F-4483-A5D2-6265E3184400}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | 
"{6DFA072A-8871-4896-BBE3-77072E40D2EF}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | 
"{7B9AFA5D-D881-4003-847F-A4FA183AF64C}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{809A985C-27DF-4959-9620-3D1138E64344}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{85DFEC99-CDB9-4879-97C9-3F688DE67F8C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{87AE776F-1C44-4850-95D1-E59180F0D9FF}" = lport=28008 | protocol=6 | dir=in | name=s4 league port 2 | 
"{8B21CE41-CFFC-417F-95A1-D7FAA0D88C62}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher | 
"{8CD82443-25CF-435F-A571-14F040DB1753}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | 
"{9E0C44A7-2F77-4B21-96A9-DAF73489A6B9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{A0A0975E-6E57-46C0-9C54-632C0EF91F84}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{A67D3529-FE96-4F1C-884E-C382AF1D9484}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A7DA0A1D-6A78-424A-9ED2-80628B681C06}" = lport=6981 | protocol=6 | dir=in | name=league of legends launcher | 
"{AAE39E95-B81F-4821-8ACA-FB566FC3B1DA}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{AFAB3DD3-1F5E-4F4C-9850-445BCE5E4378}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{B7965165-B2EC-4394-A742-6DFFF819F135}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | 
"{B9E2DD47-B718-457B-A39F-9E8F5506C227}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{C19DAA05-6ECE-4061-8292-E20A721153F0}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFC9FC7D-727A-484D-8197-02CE46B4BFA2}" = lport=6881 | protocol=6 | dir=in | name=blizzard dl | 
"{E4ECE1C6-115E-4547-9443-C954E6124336}" = lport=49239 | protocol=6 | dir=in | name=akamai netsession interface | 
"{E8ED1438-9B46-4DF1-A8D2-010140E2105E}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | 
"{EF5B6F1C-99E7-474B-99DB-CF629C54B9D7}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | 
"{FC97BE74-5DB3-41EA-A5BA-24B303C14ECC}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E57AAC-B0E3-4272-A0ED-0DF2472B5BC2}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{0298AA0A-E757-466C-B643-8DC7A2374B75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{02ACBBCC-D5AE-4151-851C-A99B38F037D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{03828862-CB97-4BF9-9B09-D2D3CE90C729}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{04389770-DE71-4173-B36A-B9790BEC26C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{05954B10-4A84-46CB-87F4-9792B9889DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{06F1B349-39B7-4EDD-A42D-4C86670B8EF8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{072B8356-6DE0-43A6-AB48-2DD0360E1F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{074CF328-C579-4561-8911-698A5EB5EBA4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{07C1A740-0263-4F93-A7FC-D0BA58D8D858}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{0810C4A2-6283-45CC-8B9B-D3B23D247409}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{08B24F71-01BF-4808-9735-DE8CB4A185FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe | 
"{16D5AAE1-2FCD-4997-8513-134B07286FF5}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{17B7D436-342C-4FC6-AD14-60ACA5C7CD74}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe | 
"{17C56504-63A4-4CE2-AE29-E58DA8415754}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1BAF6CAC-BAF9-49CC-8EE4-BC6F41301FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{1FDB68B5-9D4D-46DD-A404-18BFEDF3E8CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe | 
"{2169081A-7F12-4E1B-89E1-15E17469F9D5}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe | 
"{21B9B927-3566-4878-AD02-C1FE3AD56156}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{23BF37FC-6A55-4A25-8AC5-3061633B45FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2579E9AF-EE6F-4370-815B-6A6524000DED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2595FD48-6FC8-4894-8B6E-0C258333CDAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{266A762C-8393-41FE-BE60-CDC8D18E6D85}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe | 
"{26E1EDD1-F134-42F0-8B89-584DFECAE05C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{2796BA1A-65B9-49CD-80C5-2F051E4EF691}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"{284D2092-099C-4237-A39E-CE022F7C0F89}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2BDF309B-D74A-40CE-877B-A3D407BCA68A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{2E954DF7-84C1-4A59-BC0A-3E68C29EF6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{2EAF7D9A-E62B-42A8-8BA9-43E26672BB67}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{2F071087-D349-4CA9-8B6F-554F61D64F87}" = protocol=6 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe | 
"{3305FBB7-E6C7-409E-82F4-4CFAB16ED620}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{334C0EA3-2414-49D4-80F9-1F008EC56CD4}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe | 
"{35DF9019-6AC6-4ED1-AF86-9C8BDF82F1FC}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe | 
"{360501C8-D49A-45E0-A9C9-522CD188F54C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{36C4463F-48A5-467B-959C-BA724BA009A0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe | 
"{383D3551-80AF-4709-8AFE-216780FF4B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A223D83-D39C-4164-941C-41B188938039}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{3F0D5DF0-8BDC-49A9-83A4-DB0FE2F683A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4006C515-520F-45F5-983B-9D2610BF561C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{417E392F-4BFC-4236-BD4F-9C4230263D8C}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe | 
"{418265F6-1C9F-478D-876B-752EB871BF84}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe | 
"{4249DC39-725C-49F5-A45D-889BBC73E453}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{427428F2-E705-4F00-82BA-2A405BD80A2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{4339EB0C-CB0D-4D40-8308-A2A9FA951891}" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe | 
"{436997AF-377C-4FF0-959A-895D93F8D438}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{4573311D-0A94-4C4D-A7ED-0E2E945E9B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{527EB298-BC2F-4DDD-9DD5-FA044833E9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe | 
"{5537D85F-A2DA-43D0-AD11-1BF5292B2735}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{565063E6-5FED-464F-8A4D-E16002B1C4A2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{59956AC8-9E17-4CE2-A858-581C2775A7C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5BFCF657-9539-49B6-9981-BE53C0E61456}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe | 
"{5DBB8336-C495-4963-918F-AE91D3C2F5CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{5EE226C4-9005-4AFE-B31E-D575C5E86C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5FC0597A-F3C4-4940-AE3B-C61E930FF019}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe | 
"{62CA1AC3-38ED-4879-BF54-D4C9D2A084B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6546E387-03A4-407F-ACE9-58561E8F7601}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{683758F6-A3F0-4EDF-9FCC-3B0BCC52CBD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{699BD229-12F4-4316-A2EA-C25F2019F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A1FACEA-A4D4-4000-BC91-63FB3FCE41FE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{6BCEC83E-8B92-45C4-9D19-008B3E3E8D50}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6D1CEBAD-5550-43C1-A3DA-0FD94A5F5DE0}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe | 
"{706142DE-177C-4B43-BEDA-FE149AE9AE76}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe | 
"{72C36314-40C5-4885-86B8-D6796CF09DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{72FCAF53-E86B-4610-A4A5-973FD647D8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{73C9B64A-FCD3-4184-B559-1923E5A086E0}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{7B2BBFA8-3D55-42CB-AFDD-F7A672B4E4A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7C6827E7-1B47-45D1-8D9F-F6A2956472E9}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{7E10405F-0D70-429B-AB30-4384DC26E998}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{839D3579-D555-4D7F-96BC-B3947B6C9E18}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{8818AD1E-CFA3-4E91-BCA3-072FF8E5573F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8AED45D8-8405-4A29-8141-1ED1E690B0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"{8C5C82C1-C706-490B-87A9-1A82BEB4DBF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{8C9A17D0-C24D-451E-B11B-15B696A1919E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{91275978-5303-48AA-B003-14A6425E45C7}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{954ACA57-B61D-4968-B6E1-668B90A744AF}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{9690D3D9-1F68-4848-AC21-9371CEB0FE94}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base19679\sc2.exe | 
"{96A98C84-0782-4D39-9D05-8A32E6BF2F28}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe | 
"{971D40C7-32A0-4E1B-BF25-7A9866AE5483}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{97246F94-4878-448C-99B1-8DA11070331A}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe | 
"{98956617-BBE0-4C34-997D-8AB6C63FAB77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{993192BC-1B6C-4735-A867-6AA92359235B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{993E7761-B74D-48A0-BE4B-F0A25841B0DA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{9A483A68-4880-49B4-A4A1-5E105EC447F2}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{9D5E20DF-DCC2-4F61-927A-86170FC76EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe | 
"{A226B027-E0C3-4FD8-9D47-41CEB32B7478}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{A66F722F-DE4C-49C5-B4E6-043DED108F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{AA05ED7C-BBF3-408B-8151-DB7780BD68CB}" = protocol=6 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe | 
"{AADDD65A-7F82-4B3F-B38B-1100CF97D4C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AEEEB85B-0426-4CE3-BB30-3B34FBAF7EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{B45C1919-8F1B-41AB-AB97-3619BFC8C934}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe | 
"{B6AB4D0A-2E84-4E7E-9C90-0D848E4E2171}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B6E201F6-7F49-41AE-A1DD-919557C37A21}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B8000E55-CE0D-4102-94FD-92A0D7F13041}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{BAEDC47C-9C7F-4294-BD03-FCD7C1630394}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15976\sc2.exe | 
"{BB841F38-5BCB-4273-B6CC-A6F4EE60CC5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{BB94EA26-137A-4B27-983B-52C805797D76}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{BE8F6C0E-68C8-4062-B37F-9985D29B77AF}" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\patcher_s4.exe | 
"{BF1FD935-FF6C-490A-AF4E-DB51D24FE7EC}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{BF2FD075-D610-49E3-8E8A-36B6C084EDD9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{C115AED8-8484-4279-AAAD-43C597050281}" = protocol=17 | dir=in | app=c:\users\public\games\starcraft ii\versions\base18092\sc2.exe | 
"{C4677C0B-2110-4EDD-AE4E-EB976AEC10CB}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{C4DFEFBD-ADF8-4F75-8B8D-7B6F428BD32C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{C739D671-B5AF-4EB0-BB2C-773E0ACC2500}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe | 
"{C749D529-3ADE-4247-B835-1F23A6C81F66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA4D41A6-1B50-4A13-9BDB-2A4B04A10231}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{D3CDBBBC-8706-4A5B-A60E-425EE995E3ED}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{DC37B27A-0AFF-4A15-9BB7-8BAB5DC8BA6C}" = protocol=6 | dir=in | app=c:\users\public\games\starcraft ii\starcraft ii.exe | 
"{DF36E914-93A6-4927-A1CE-E46D4E124095}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{DF543F2E-4B13-4C2D-A0DB-624B9DB8A836}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E05D6BF8-4B5B-4606-A5BE-6E8A140BF082}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{E1D940D4-9BA8-4CE4-9CBB-13034D141A70}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{E20814B1-06AC-4F4D-B1CF-FE8A3E5B2C2B}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{E243C577-69AF-4B09-B86F-D5FAA4664850}" = protocol=17 | dir=in | app=c:\users\michael\downloads\homm_v1000(2).exe | 
"{E2619355-B23E-441C-8310-160AA7A93CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{E935D7B4-FEFB-4946-8CE0-D09A329EB4A3}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{ED5D6FFA-5C9C-4A79-AAB3-C07164477D26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EE3A7C54-616D-4C44-9980-B016629EC929}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe | 
"{F09A31AA-2A69-419F-8A8E-0E31030C177F}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe | 
"{F0A5FC5F-BFDB-43AB-94A2-DF67346671C3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{F10B26DF-F55C-42B0-AB84-BAB334171F59}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{F55BF6FE-2503-4165-9967-601445E29840}" = protocol=17 | dir=in | app=c:\program files (x86)\petroglyph\rise of immortals\roiclientr.exe | 
"{F8187FAB-9DC4-42DA-8B71-B160E5ACD8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{F8F28F9D-7EA2-489B-94BA-0874A5F1FF74}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{F9FF858F-51A0-4BB2-BCE4-5216C910AFCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FC64C91F-B78D-457B-943C-B027692DCFC0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{FCCFA9F6-CA0B-4037-8F7C-D1EA61D0AA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FDC012F9-D2B8-4B0A-A470-6EA60C1CE6C8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{FDC3043D-36F0-4E4E-A19A-8F1D1391FEFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FF63DF6E-D9B8-47CA-B515-81558C3BB8E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{008297C1-0191-4ADC-B002-3FA5F8033738}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{039314A7-727C-4592-98B5-27046D1CD220}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe | 
"TCP Query User{05413D6C-0F61-459C-B322-1B3542F6C745}E:\programme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"TCP Query User{0775F2D9-4C0D-422D-B7D8-6BC04E1BC822}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe | 
"TCP Query User{091F6DF6-879A-4E30-9134-7ED4ADA234F1}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe | 
"TCP Query User{0DFC482C-DD77-4FC2-888B-F1B565A681E3}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"TCP Query User{162B6DD0-1B6C-481A-B93B-D17CCEC75A17}C:\program files (x86)\swtor\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\swtor\launcher.exe | 
"TCP Query User{17518E08-7E21-4DC9-B223-3BBDA48F1B15}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe | 
"TCP Query User{24CBCE38-589C-4D3E-B2E0-7102470C573E}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe | 
"TCP Query User{24D832D9-793A-4558-B3C2-20F3D4F51909}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 
"TCP Query User{2A6245AF-998A-4AF8-8D5E-FCEE1DA722FA}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe | 
"TCP Query User{2ADBBC5C-46DC-449E-8313-9ADEC6647931}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe | 
"TCP Query User{2D114A5D-7F34-43EB-9824-CC5B3A7F3C1F}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"TCP Query User{33E3FDA7-2DFB-4E89-9331-834CD35CC817}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{4DB0F3CC-1904-4B32-8263-9F437517057E}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{517EB4E8-E996-4445-A06C-7C9D793E1824}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | 
"TCP Query User{5B728098-0935-436D-BDB8-6C7EF48E1CF3}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe | 
"TCP Query User{5D23D801-6F84-433C-98C5-8E34E903E627}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | 
"TCP Query User{6D14DCCE-2383-47FC-AA36-5DD59593A344}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{72EBA4D4-8740-41A4-8E8D-F116E14CF3D9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{73CA8C9A-BB27-41D4-976E-895DA51028A1}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe | 
"TCP Query User{777565FC-2E3C-4166-99F5-A29F9EB519CF}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe | 
"TCP Query User{7EE2242F-B3E1-4ECC-AF12-336428FB2E35}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{801D3A84-750E-4EF3-8AE4-FAEC79F31B57}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{848B5617-EC16-4CA8-BD7A-0A9E4433BE9E}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{8AA3F848-F800-48EF-B3B9-980C452723CC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{9CCBE6DA-A656-4C9B-803B-354D509CA3EB}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"TCP Query User{9D762284-BECB-4AA8-8C8F-C3F3327C778F}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"TCP Query User{A7895CEC-42EB-43EF-A6C4-5C5A4B7DFD47}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{A9D47E46-6E04-467C-B2D8-13826D47A4AB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{B75B8724-F2CD-4BFF-B32B-A9647D05AFAC}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"TCP Query User{B79AF1ED-214F-4BDF-B4F7-68C740B8C515}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{B89D30AC-1122-4D1E-BB39-5598BC27D09B}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"TCP Query User{B8F2B24E-3825-47AB-88C4-06B7E0F05B92}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{BB66BCCF-609B-4BF3-B460-8914AACC106B}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{C9FAE59E-4B82-40EC-B2F1-32B1888ED64F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{CCFF79A4-C26B-468E-B147-7296DED76DD0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{D1CADD06-1B05-4AB3-B79A-AFD995D526F9}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{D35F1AB7-F2C6-4F57-8910-D8017F084E31}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{D37FD4D8-5ED9-4643-8A84-8C3A6E5C869D}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"TCP Query User{D938E506-79D6-40C1-A621-B255BDEBDD47}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe | 
"TCP Query User{D96ADD45-FE64-403E-92CC-608521A5CC42}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe | 
"TCP Query User{E6864631-9A97-4A5D-A95F-5115D48A742B}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{EFECAB8F-309F-4549-AD4D-B2C6A940619F}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe | 
"TCP Query User{F3B4A317-DD09-41AA-8363-634D471D33B4}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{FB43C66A-F699-4124-9A35-574F180A352D}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe | 
"TCP Query User{FC24C887-25CD-4B47-AE90-E4CCDCE7A434}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{0638BD36-37F9-4C03-98BF-E5A0B8241B6C}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{07E80802-8F39-4045-BF17-F900F05E4993}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{0933D8BA-649C-48CC-91F9-BAB04737DC86}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"UDP Query User{0F8E310B-B214-4C69-A200-705C9E4052D6}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 
"UDP Query User{1031BF17-97CB-4D2B-B5A8-6E56C302C2C5}C:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"UDP Query User{157769E8-3132-4AD8-A7EB-F5D86E6358E7}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{268FA8D8-1AB3-4D1D-8E08-368DFD92002A}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"UDP Query User{269AB78F-7172-4F49-9DBD-842F631F3B7B}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"UDP Query User{27D24624-3DD1-4C4A-8036-0877E4415D75}C:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe | 
"UDP Query User{2AC809CE-BE20-498E-B64F-50A2DA704328}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{34AAE97B-7CAA-46A4-AE2F-5ADCE6972934}C:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | 
"UDP Query User{3A28D625-611A-43F2-99C8-3E2DC34A6113}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (1).exe | 
"UDP Query User{3CC39BC9-D9FC-40A8-86AE-B4F3228157F2}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"UDP Query User{44D712CA-81AB-4D88-946D-FF527D49912D}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"UDP Query User{48396E73-AF3C-4F6B-828C-57464A473976}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{4A8B15D3-ABE5-43CA-9F2C-3BE1C185795B}C:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\michael\documents\icq\394477756\receivedfiles\428512373 waldi777\teamviewer.exe | 
"UDP Query User{4C020BCC-FDB5-470B-91D3-D43A970E169C}C:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15623\sc2.exe | 
"UDP Query User{4D39A7D7-0C23-46B9-9531-CD38AACB2D1F}E:\programme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\programme\warcraft iii\war3.exe | 
"UDP Query User{5512D4CC-95D0-427C-A031-CA124033B3EF}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe | 
"UDP Query User{60AEA6B2-42CF-4FE7-9D1A-BD8674E2264A}C:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15343\sc2.exe | 
"UDP Query User{6D7EDDBB-091A-4D15-ACE8-7C132A62166E}C:\program files (x86)\swtor\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\swtor\launcher.exe | 
"UDP Query User{6DB7F820-98F2-48EF-B853-8089F1CB0080}C:\program files (x86)\counter-strike 1.6 v35\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 v35\hl.exe | 
"UDP Query User{7288B700-98E4-47BA-BA2F-92105EF81ECC}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{73C5AEB9-1972-4142-B631-60B16E130925}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{7B90455F-6E98-41A1-BC3B-1E0A9B1E82B5}C:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15392\sc2.exe | 
"UDP Query User{8B64D15C-A2F6-4AFB-9E71-26CB3D969A4D}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"UDP Query User{8C7C4017-855B-44EE-B236-26E498BEA147}C:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15250\sc2.exe | 
"UDP Query User{904F5901-F84E-4192-8B5E-DAA1CCA12661}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{93E8CCA6-63E8-47D5-9C34-D446B879C540}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{93EA8F9E-4DAF-4B6A-98E2-0A09D51EE70A}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{9F6698FD-641B-4355-8FF4-202FEB319BAC}C:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{A23DA009-FC7C-48D3-97DB-7743241CB227}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{A253C311-29D4-48A3-BAA7-744B22780CE1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{A6FB0F2B-C453-4CDE-AC9D-C062F8E1B539}C:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mhett\team fortress 2\hl2.exe | 
"UDP Query User{A8EEE47E-6A47-4E85-9D63-660D5ED9F029}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B1EF120E-A64A-49FF-8F46-2B9D251D2D52}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"UDP Query User{BFAB4E26-AF1D-46FA-A179-C1CC242EEBB2}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{C0A1EDC4-3081-4EC8-B1EB-B1A6473BB6D5}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{C9ADD2E3-8796-40AC-8077-D15FA8070867}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{D954BD94-7C00-4863-A8C0-986DA0EEAB1F}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{DF7F19C2-B026-4E80-9FF2-848B592826B0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{E0B93BAF-9BC8-4BDF-B0A4-4CF0B9C336EE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{E0BDDC0F-C19E-4685-8661-AEFEFA5D7442}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu (2).exe | 
"UDP Query User{E2CD49C2-066D-4595-ADF5-404B54523F2A}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steamless counterstrikesource pack\hl2.exe | 
"UDP Query User{E67D977D-DB3A-4793-BD80-612F5F907BF8}C:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe | 
"UDP Query User{EB79A1C8-9ECA-4890-8C51-0B882920A9C4}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | 
"UDP Query User{ED49532B-E489-4F02-9500-7265D4544F72}C:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\opera\opera\temporary_downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe | 
"UDP Query User{EF9CF8AC-23D9-4F32-96E4-1A3F2B6841D4}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"capella2002-v4.0" = capella 2002, Version 4.0
"Diablo II" = Diablo II
"Focus Magic_is1" = Focus Magic 3.02
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.6
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.4.721
"Garena" = Garena
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"IrfanView" = IrfanView (remove only)
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"PartyPoker" = PartyPoker
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RiseOfImmortals" = Rise of Immortals
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2012 18:23:13 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5694
 
Error - 14.02.2012 18:23:14 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.02.2012 18:23:14 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6692
 
Error - 14.02.2012 18:23:14 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6692
 
Error - 14.02.2012 18:23:25 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.02.2012 18:23:25 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17503
 
Error - 14.02.2012 18:23:25 | Computer Name = Michael-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17503
 
Error - 15.02.2012 16:15:54 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 10.0.1.4421, Zeitstempel
 0x4f32aa55, fehlerhaftes Modul NPSWF32.dll, Version 11.0.1.152, Zeitstempel 0x4e7d14af,
 Ausnahmecode 0xc0000005, Fehleroffset 0x003faaf0,  Prozess-ID 0x1074, Anwendungsstartzeit
 01ccebf24db423b0.
 
Error - 15.02.2012 17:15:09 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 10.0.1.4421, Zeitstempel
 0x4f32aa55, fehlerhaftes Modul NPSWF32.dll, Version 11.0.1.152, Zeitstempel 0x4e7d14af,
 Ausnahmecode 0xc0000005, Fehleroffset 0x002e7bc1,  Prozess-ID 0x173c, Anwendungsstartzeit
 01ccec259f6a3a90.
 
Error - 15.02.2012 17:16:31 | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = Programm plugin-container.exe, Version 10.0.1.4421 arbeitet nicht 
mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im
 Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
 über das Problem zu suchen.  Prozess-ID: b48  Anfangszeit: 01ccec270553bf60  Zeitpunkt
 der Beendigung: 74
 
[ System Events ]
Error - 24.03.2012 16:14:34 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 24.03.2012 16:26:15 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 24.03.2012 18:26:32 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 24.03.2012 18:28:34 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2012 18:28:34 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.03.2012 18:52:35 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 24.03.2012 18:54:11 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 25.03.2012 13:41:42 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 25.03.2012 13:43:43 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.03.2012 13:43:43 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---


25.03.2012, 21:14   #6
Swisstreasure
/// Malwareteam

Step 1

Repair the hosts file

Please download HostsXpert.
Unpack the zip file and start the tool.
Now click Restore MS Hosts File --> Ok --> Exit Program.
If you don't have a zip program, you can download the trial version of WinZip.

Step 2
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections around today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are asked to.
**For information: If the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.

Step 3

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

25.03.2012, 21:27   #7
Kijera

Step 1

Repair the hosts file

Please download HostsXpert.
Unpack the zip file and start the tool.
Now click Restore MS Hosts File --> Ok -->

It works up to that point, then I get ERROR: Cannot create file C:\Windows\system32\DRIVERS\ETC\hosts

25.03.2012, 21:34   #8
Swisstreasure
/// Malwareteam

Then go ahead and do the remaining steps.

25.03.2012, 22:17   #9
Kijera

The text of the ComboFix log is 9xx.xxx characters long... too long...

How am I supposed to get that in here?

Here is Step 3.txt for now:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-25 22:17:50
-----------------------------
22:17:50.530 OS Version: Windows x64 6.0.6002 Service Pack 2
22:17:50.530 Number of processors: 2 586 0x1706
22:17:50.530 ComputerName: MICHAEL-PC UserName: Michael
22:17:52.309 Initialize success
22:17:59.102 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:17:59.102 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610479MB BusType: 3
22:17:59.117 Disk 0 MBR read successfully
22:17:59.117 Disk 0 MBR scan
22:17:59.117 Disk 0 Windows VISTA default MBR code
22:17:59.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
22:17:59.133 Disk 0 scanning C:\Windows\system32\drivers
22:18:04.562 Service scanning
22:18:09.023 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:18:15.170 Modules scanning
22:18:15.201 Disk 0 trace - called modules:
22:18:15.232 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:18:15.232 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ac9790]
22:18:15.232 3 CLASSPNP.SYS[fffffa6000dc4c33] -> nt!IofCallDriver -> [0xfffffa8001cdb620]
22:18:15.762 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002758060]
22:18:15.762 Scan finished successfully
22:18:29.896 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
22:18:29.912 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
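
An added example (not part of the original thread and not code from aswMBR): a small triage parser for the aswMBR log format posted above, extracting the MBR verdict, services carrying a `**...**` marker, and whether the scan finished. The sample lines are copied from that log; the function names, field names and the rule that any non-"default" MBR verdict needs review are assumptions of this example.

```python
import re

# Excerpt of the aswMBR log from the post above (lines copied from the page).
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-25 22:17:50
22:17:50.530 OS Version: Windows x64 6.0.6002 Service Pack 2
22:17:59.117 Disk 0 MBR read successfully
22:17:59.117 Disk 0 MBR scan
22:17:59.117 Disk 0 Windows VISTA default MBR code
22:18:09.023 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:18:15.762 Scan finished successfully
"""

STAMPED = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
SERVICE = re.compile(r"^Service (\S+) (.+?) \*\*([A-Z]+)\*\*(?: (\d+))?$")


def parse_aswmbr(text):
    """Parse an aswMBR text log into a dict (field names are this example's own)."""
    report = {"version": None, "mbr": {}, "flagged": [], "finished": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("aswMBR version "):
            report["version"] = line.split()[2]
            continue
        stamped = STAMPED.match(line)
        if not stamped:
            continue  # banner, separator or blank line
        when, msg = stamped.groups()
        if (m := MBR_CODE.match(msg)):
            report["mbr"][int(m.group(1))] = m.group(2)
        elif (m := SERVICE.match(msg)):
            name, path, marker, code = m.groups()
            report["flagged"].append({"time": when, "service": name, "path": path,
                                      "marker": marker,
                                      "code": int(code) if code else None})
        elif msg == "Scan finished successfully":
            report["finished"] = True
    return report


def triage(report):
    """Return items for manual review (the 'default' check is an assumption)."""
    findings = []
    if not report["mbr"]:
        findings.append("no MBR verdict line found")
    for disk, verdict in sorted(report["mbr"].items()):
        if "default" not in verdict.lower():
            findings.append(f"disk {disk}: MBR code reported as '{verdict}'")
    for item in report["flagged"]:
        findings.append(f"service {item['service']} ({item['path']}) marked {item['marker']}")
    if not report["finished"]:
        findings.append("scan did not finish; log is incomplete")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```

On the excerpt this reports only the MpNWMon line for review; the MBR verdict is the default loader and the scan completed.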

25.03.2012, 22:53   #10
Swisstreasure
/// Malwareteam

As an attachment, if it won't work any other way.

25.03.2012, 23:14   #11
Kijera

Here it is as an attachment
Attached files
File type: txt log.txt (685 bytes, viewed 109 times)

25.03.2012, 23:31   #12
Swisstreasure
/// Malwareteam

Why ESET?

25.03.2012, 23:42   #13
Kijera

Oh fu**, sorry, that was clearly the wrong file...

Here is the right one

26.03.2012, 00:07   #14
Swisstreasure
/// Malwareteam

How is it going?

26.03.2012, 14:01   #15
Kijera

The Bundespolizei trojan seems to be gone, but my browsers are still running extremely slowly.
