Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner Ukash 1.15 Windows 7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.09.2012, 10:18   #1
Forya
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Hallo liebes Forum,

ich hab mir seit gestern den BKA Trojaner eingefangen, nachdem ich aufgrund von meiner Zeit im Ausland einige Updates nicht gemacht hatte (Java und Service Pack!) Anfangs hatte ich keine Kontrolle über das System. Ich habe ein bisschen gelesen und laut hxxp://bka-trojaner.de/ handelt es sich um die Version 1.15.

Ich habe dann im abgesicherten Modus Malwarebytes & Spybot Search and Destroy installiert und durchlaufen lassen.

Malwarebytes hat einige Ergebnisse gebracht, die im LOG zu finden sind (ich habe den LOG VOR dem Löschen der Daten abgespeichert...ergo, "keine Aktion durchgeführt" stimmt nicht, ich habe alle Punkte ausgewählt und sie Löschen lassen


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.13

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Dario :: PC [Administrator]

Schutz: Deaktiviert

27.09.2012 01:24:39
mbam-log-2012-09-27 (09-59-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409778
Laufzeit: 34 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Dario\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Dario\AppData\Local\Microsoft\Windows\666\systemcpl.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Dario\Downloads\counter strike setup.exe (PUP.AdBundle) -> Keine Aktion durchgeführt.
C:\Users\Dario\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.
C:\Users\Dario\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Keine Aktion durchgeführt.

(Ende)


Danach habe ich das System wieder neu gestartet und habe seitdem wieder eigentlich regulären Zugriff auf mein System. Ich habe dann Java geupdated und überlege grad ob ich das Service Pack 2 noch draufmachen soll.

OTL.exe anwenden?

Da die Vorgehensweise bei diesem Trojaner ja irgendwie immer individuell ist, hab ich mir gedacht ich mach ein neues Thema auf.


Vielen Dank, Forya


EDIT: Kann ich USB laufwerke anschließen, ohne den Trojaner zu übertragen, wenn ich essentielle Daten(sicher) sichern will (Fotos etc?)

Geändert von Forya (27.09.2012 um 10:27 Uhr)

Alt 27.09.2012, 12:40   #2
markusg
/// Malware-holic
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



hi, das Malwarebytes log ist nicht vollständig. poste es erneut
__________________

__________________

Alt 27.09.2012, 12:46   #3
Forya
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Hab jetzt den aktuellen Malwarebytes log gefunden und OTL.exe angewendet wie es im Forum oftmals geraten wird.




Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.13

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Dario :: PC [Administrator]

Schutz: Deaktiviert

27.09.2012 01:24:39
mbam-log-2012-09-27 (01-24-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409778
Laufzeit: 34 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Dario\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dario\AppData\Local\Microsoft\Windows\666\systemcpl.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dario\Downloads\counter strike setup.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Anno 2070\solidcore32.dll (Trojan.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dario\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dario\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Das OTL log file
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.09.2012 13:07:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dario\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,29% Memory free
7,73 Gb Paging File | 4,86 Gb Available in Paging File | 62,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 25,92 Gb Free Space | 26,57% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 53,14 Gb Free Space | 14,44% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Dario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dario\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F B3 9F CC 1E 4E CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.21 12:56:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 19:50:55 | 000,000,000 | ---D | M]
 
[2011.08.09 15:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dario\AppData\Roaming\mozilla\Extensions
[2011.08.21 16:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dario\AppData\Roaming\mozilla\Firefox\Profiles\66f9rluo.default\extensions
[2011.08.21 16:37:03 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Dario\AppData\Roaming\mozilla\Firefox\Profiles\66f9rluo.default\extensions\firefox@tvunetworks.com
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- H:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dario\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Programme\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: vshare plugin = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\Dario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [systemcpl] C:\Users\Dario\AppData\Local\Microsoft\Windows\666\systemcpl.exe File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Dario\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06586AB5-E744-479A-8952-C9A488E782A8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6a1ca58a-d09d-11e0-8de2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a1ca58a-d09d-11e0-8de2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{de9b4717-83a8-11e1-b15b-d4dbd97f26fb}\Shell - "" = AutoRun
O33 - MountPoints2\{de9b4717-83a8-11e1-b15b-d4dbd97f26fb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 10:41:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2012.09.27 10:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.27 10:36:06 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.27 10:36:06 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.27 10:35:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.27 10:35:56 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.27 10:35:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.27 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\Malwarebytes
[2012.09.27 00:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 00:47:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.27 00:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.27 00:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.27 00:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.09.27 00:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.09.27 00:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.09.26 23:10:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.24 23:30:23 | 000,000,000 | ---D | C] -- C:\Users\Dario\Desktop\Party Veri gebtag
[2012.09.22 11:43:01 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 11:42:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 11:42:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 11:42:59 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 11:42:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 11:42:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 11:42:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.21 12:57:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.21 12:57:41 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.21 12:57:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.21 12:57:40 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.21 12:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[6 C:\Users\Dario\Desktop\*.tmp files -> C:\Users\Dario\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 13:05:15 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012.09.27 13:02:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000UA.job
[2012.09.27 12:57:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000UA.job
[2012.09.27 11:34:26 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.27 11:34:26 | 000,700,608 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.27 11:34:26 | 000,655,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.27 11:34:26 | 000,149,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.27 11:34:26 | 000,122,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.27 10:51:44 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 10:51:44 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 10:41:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2012.09.27 10:35:42 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.27 10:35:41 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.27 10:35:41 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.27 10:35:41 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.27 10:35:41 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.27 10:35:41 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.27 10:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 10:25:10 | 3111,464,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 01:14:56 | 210,292,736 | ---- | M] () -- C:\Users\Dario\Desktop\KWU_1.0.3.upd.iso
[2012.09.27 00:47:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 00:41:43 | 000,001,262 | ---- | M] () -- C:\Users\Dario\Desktop\Spybot - Search & Destroy.lnk
[2012.09.26 23:08:12 | 095,801,251 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.09.24 23:02:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000Core.job
[2012.09.24 18:31:57 | 000,435,749 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.09.24 09:57:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000Core.job
[2012.09.22 14:32:23 | 000,000,436 | ---- | M] () -- C:\Users\Dario\Desktop\FUSSBALL MANAGER 12 - Verknüpfung.lnk
[2012.09.21 12:56:25 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[6 C:\Users\Dario\Desktop\*.tmp files -> C:\Users\Dario\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 01:07:51 | 210,292,736 | ---- | C] () -- C:\Users\Dario\Desktop\KWU_1.0.3.upd.iso
[2012.09.27 00:47:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 00:41:43 | 000,001,262 | ---- | C] () -- C:\Users\Dario\Desktop\Spybot - Search & Destroy.lnk
[2012.09.22 14:32:23 | 000,000,436 | ---- | C] () -- C:\Users\Dario\Desktop\FUSSBALL MANAGER 12 - Verknüpfung.lnk
[2012.06.23 14:24:19 | 000,000,842 | ---- | C] () -- C:\Users\Dario\AppData\Local\recently-used.xbel
[2012.05.30 08:57:17 | 001,599,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.11 16:07:29 | 000,016,350 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.10 23:26:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.08.10 23:26:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.08.10 23:26:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.08.09 15:13:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.29 20:51:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.29 20:49:55 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.29 20:49:28 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

[/QUOTE]

und das Extra.txt file

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.09.2012 13:07:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dario\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 41,29% Memory free
7,73 Gb Paging File | 4,86 Gb Available in Paging File | 62,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 25,92 Gb Free Space | 26,57% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 53,14 Gb Free Space | 14,44% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Dario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E7BB40-88D0-462E-BE22-E8C66F3B6159}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03E3FF97-D9C2-4637-AE34-AE540E030A21}" = lport=57375 | protocol=17 | dir=in | name=pando media booster | 
"{0F73E872-F6C0-456A-9B62-DE2AA7DACB04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19DDB31C-4D75-4408-B3F5-B7747ADEFC53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E515769-CCD7-4B6D-B02B-9D5AF1762B0C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20DF8504-B5F0-4E00-94D0-4E7129854E02}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{24A60F79-A66D-4FD1-9B11-AB4807F799EE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{26C60465-CEF2-48B3-9B0E-E35D4ADF6852}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{357E3B39-CC14-47A1-B943-B3F8613E913B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43D5DCFF-EEAB-4169-95EA-A1DDBCF49D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D66CEE3-8042-44A3-A4BB-A96AAABAA747}" = lport=139 | protocol=6 | dir=in | app=system | 
"{85B956A3-DB08-46E7-9BB6-56640690EB5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{92FD01D6-3290-4D26-8652-116AA0A3C50F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A3823461-1BC6-43E8-8DDD-CEC47BC35A1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB76BDCC-26F6-4D9E-9CE4-504720334D6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD8F9715-109E-4DC8-B3CA-15F7561B8632}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B0D6EECB-9E14-4E1E-B159-1AD827D4DAAF}" = lport=57375 | protocol=6 | dir=in | name=pando media booster | 
"{B4CA7464-D78E-4995-9556-FC48B8A4FCB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B5505745-B5D9-4E93-9B14-2B2CB4F2C9A0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C42C9766-4920-4051-9F54-9FF4ADDFE9B6}" = lport=57375 | protocol=6 | dir=in | name=pando media booster | 
"{CEED8D27-71D4-4C3D-AAC0-CE1F39A77B24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D133B132-A8A9-4244-A078-41E4370F8EDA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D206F47E-1F9A-498A-A793-D836474068C7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D5CEC0E0-B37D-4472-942D-C86387A0FCE8}" = lport=57375 | protocol=17 | dir=in | name=pando media booster | 
"{DAC84E2F-3DCF-4489-8AA0-6CF66ABFF480}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{EB05ADE4-8726-4914-8F04-014F4E796FDD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB440F8F-5454-4E03-B97E-FF9AB6B700F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011280AD-F017-45B5-928A-336406FDC21F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{0F7EBE7E-C37E-4DD8-9961-2E9B8101836B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{12F43A4F-64B2-4BEE-A79D-53BBFBB29465}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18D7757B-0BCD-4916-86B1-B58508348793}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{194507C5-A2CA-412F-8D92-075E0A3EDE7B}" = protocol=17 | dir=in | app=d:\games\nba2k12\nba2k12.exe | 
"{1AAFFC97-027D-4BA9-9597-D13712AB7125}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{1B1059CB-A1C2-472B-A6F7-712AC9AC6579}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{1D211CBC-7C6E-4B8F-8DAA-7BF55E263869}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{3458C0BE-D430-4C11-B895-D43F65DEC24B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{400D3D1B-4C22-4A73-8BDE-85872AA8C614}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{4355C945-1DF3-478C-94BF-B783B46E11F1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{43A0F9A8-68D4-42D7-9B6F-1D08704115EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{47E6D7C8-0203-4C37-B428-248DAEB988CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C395EDB-C94D-4CE8-B19F-3C76487232B2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{4D7D6A8B-81F1-4DA5-AC88-56BB4F1CAEC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F2D6429-AF05-478A-AED0-AACE7638A9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{544920C3-1CFA-45D2-8F23-8821C259044E}" = protocol=17 | dir=in | app=d:\cs\steam.exe | 
"{55E4DC0F-592F-40F9-B2DE-38572BC67DD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5817E7AD-3028-4E64-9950-257B6596AE43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{5835A799-F93A-45F1-BC72-10194681894E}" = protocol=17 | dir=in | app=d:\games\battlefield 3™\bf3.exe | 
"{5D05C853-7083-43C6-A33E-80F716E9FB13}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{5D5FDB3C-EAC3-4639-BFBF-F5913EF2472B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{64ED214D-A06F-4A9C-8796-640E836031CB}" = protocol=6 | dir=in | app=d:\games\battlefield 3™\bf3.exe | 
"{6B92449F-0FA8-43EC-94B8-7A12BFF5AEFD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{6FF626DB-6878-40B0-AF4E-52881DA53601}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{771A0B2A-9642-4951-BE22-A101BAC8E56E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{796AEDA1-06CD-4A7F-9A69-29A5BD4ADC42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7D5EDE14-CC8D-4156-84F4-7E441F047752}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7D8EB149-8538-4B8A-8C2C-A5C591EEE69D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{80E5F3A4-2502-4F70-AC76-9962212A1C3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{81B35747-7FF7-404C-A50C-6A07356727C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B1B7AC6-7A29-456A-B922-07A310D03F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8D7A401F-45B4-4DD5-9F90-1FC87196E7B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{8E41FD55-3B60-4C4B-91B2-66B1400604FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FDAD3F5-4C15-438D-9BBC-1AFD1E5ABE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{9673DF16-B924-4D4B-ACC6-F485043F4F88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{98E1F479-8E25-4F42-A311-BF30D72AC9A1}" = protocol=6 | dir=in | app=d:\games\nba2k12\nba2k12.exe | 
"{A59888E5-0168-4BEC-A888-97AA5DF7D0EB}" = protocol=6 | dir=in | app=d:\cs\steam.exe | 
"{A8EE5A07-BDA8-413A-8C9C-4EC41B2FDF47}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{A9BBCBAD-600A-4AD1-9070-8D567D661C56}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{AD554DA2-F09B-4D8A-A0A5-AFDAB7D65D09}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AE3207BB-7A4E-49FA-A125-9C1AA7549FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{AEB80F86-62DC-41B0-A1BF-333CE9796A81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{B25B048C-A168-44DB-B8FB-F69A2DA21101}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{B2AFA985-EA53-4FF7-ABC7-DE787DE39AAC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{BB3FA63D-233B-433F-8E31-9847E67B649E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{C6A3BDB3-3C06-46CF-8693-EDB7063D56F5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{C7970E44-C9E8-4B9D-A879-207B6ABDA472}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{C8F8237C-6154-4D9F-BF89-9F8421F2139A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE3DC19C-1252-410B-B0FA-374E7FF9A086}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{CEABBF55-4149-4D2E-B459-E46CF8046591}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{CEEF6944-9D51-41AF-BD98-AE6684A57590}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DA05EC07-6C34-446B-A9E9-92B1D2AAC686}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DC281B29-9996-4377-8BC4-F32F02753238}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DD2E614E-7BC7-4756-8517-5C03EFC9D5A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{E5995D86-C229-4702-B69C-80E9AB2AB47F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5DE008F-C04E-48AF-AD98-7965C35F9C01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{EAC32900-5B10-45B3-B54D-3DFC7D484DF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F0379B68-D470-4067-8442-67992A066463}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F2FE22AE-15FB-4CC4-ACFF-B064DAC6439F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F419A2BD-C580-4692-8CE6-9C246C8D1137}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F4CB1D46-923D-4CBD-99CB-4026A42BB06B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{F86368ED-7549-46F1-A1A0-FE60F9E32308}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{FD2FC96E-959D-4695-8F8B-864FF00F40AA}" = dir=in | app=c:\users\dario\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{0F7F87C3-2882-4228-8811-48F9EB22F9BD}H:\_soft\_games\age_of_empires_ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=h:\_soft\_games\age_of_empires_ii\age2_x1\age2_x1.exe | 
"TCP Query User{1579D3DB-BE65-4452-A45C-8FCB8A29DA30}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{1ADFDAAB-83BA-4D9C-95DC-1D30FC747E1B}C:\users\dario\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dario\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{1C7C8C78-9210-4DA7-976E-9592B444F3BC}C:\users\dario\desktop\age_of_empires_ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\dario\desktop\age_of_empires_ii\age2_x1\age2_x1.exe | 
"TCP Query User{1F9E5A3E-F456-42CC-8BE4-1AF3680E4ABF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{24306259-B73B-47BB-BE23-E90FC0D317EE}C:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{342761DC-75EC-454B-A084-5272893BEC2C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{45F1C94A-68ED-4393-96D8-2F6DD82FDFDF}D:\games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"TCP Query User{65EECDB9-0D67-4321-BD1F-8037D578B602}D:\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike\hl.exe | 
"TCP Query User{7116FB3D-05AD-4893-AC28-42B3E5CE94FA}C:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader (1).exe" = protocol=6 | dir=in | app=c:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader (1).exe | 
"TCP Query User{742545DE-F0DC-4ED5-9A58-CED405744EDE}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{9FFB82DA-671C-413A-AFC7-B2B11FA24806}C:\users\dario\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\dario\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{A5A8AEDA-018F-4F3E-B505-5DE43C8EBF61}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{BD7CF1C3-8AB0-41C2-BC4B-65B4EA929C1A}C:\users\dario\desktop\age_of_empires_ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\dario\desktop\age_of_empires_ii\empires2.exe | 
"TCP Query User{BDD871FD-34A9-4065-A677-EC3E906D9498}D:\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\counter-strike\hl.exe | 
"TCP Query User{D006CA08-4DAD-469B-9218-170A27FC4486}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{E791073B-87C1-4682-8BAA-328BE3767368}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{ECF310D0-8E1E-4F7F-8A4C-E9E73DE41F03}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{FCBFDA98-072F-4F27-B315-7662FD8939D7}D:\games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"UDP Query User{05242C9B-85BE-45AA-BB6A-6853B9C4E797}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{093C7B57-9D83-42E5-B988-C6F48602A3A5}C:\users\dario\desktop\age_of_empires_ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\dario\desktop\age_of_empires_ii\empires2.exe | 
"UDP Query User{172AE6E1-3A58-44C0-AAB6-BE929EB9B04C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{37F4288E-BFEC-43DB-A335-5D629057B9DA}C:\users\dario\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dario\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{38395AF9-91CE-426C-A3B0-AC8BA0AD0A77}D:\games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"UDP Query User{3F5EB6FA-6214-4D7C-BA8B-6AEBC0174755}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{55859ED2-34C8-4A13-8495-AF903DB27E8D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{62404CF6-B9E3-450D-BFD9-698DAB528EF1}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{6DBEFAE0-A392-4DA3-85D0-AB7D6646580C}C:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{74D0D017-8C87-48FB-9765-777908C3A323}C:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader (1).exe" = protocol=17 | dir=in | app=c:\users\dario\downloads\diablo-iii-8370-dede-installer-downloader (1).exe | 
"UDP Query User{75D7CCCF-AD00-4DF3-8E7C-D7966E420B75}H:\_soft\_games\age_of_empires_ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=h:\_soft\_games\age_of_empires_ii\age2_x1\age2_x1.exe | 
"UDP Query User{838052C5-86E2-4B54-A918-A1940649E21A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{8EF22AF3-82CF-42E2-80F6-A253794AC619}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{BA83EF53-A781-4858-B206-80B20BD79962}D:\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike\hl.exe | 
"UDP Query User{CC7C284F-D715-481B-92CA-09302A32D220}C:\users\dario\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\dario\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{D3C6BBBE-79D3-4A02-8B5C-F288B8C2EEA0}D:\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\counter-strike\hl.exe | 
"UDP Query User{DA8928CE-0B4C-4A98-A2B0-DD8F318E146A}D:\games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"UDP Query User{E1200ACC-1525-4A93-A0E4-5BB196B6DF44}C:\users\dario\desktop\age_of_empires_ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\dario\desktop\age_of_empires_ii\age2_x1\age2_x1.exe | 
"UDP Query User{FD86670F-540F-4587-B0EC-3DC231EC5223}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{84CC4DD9-03B2-C31A-537E-9BBC18ACC602}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE4C205E-A67D-BBBB-5943-E28E26877075}" = ccc-utility64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0B4A3E07-8FCC-A76A-A9CE-42C40ECCD2D0}" = CCC Help Norwegian
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26537F6C-A9B6-CFEE-42B5-CDCC968F1294}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{293446A4-5067-5AE8-58BD-286AA625F722}" = CCC Help Czech
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3CDF4E11-8864-91FF-1F43-DBCEEE6CCCCD}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7E4216-A890-A47A-7F36-738FA9FDFE3F}" = Catalyst Control Center Localization All
"{5BFB2F3D-094F-78CC-DDD7-6DE38D1297E0}" = CCC Help Portuguese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A4EA6BD-E314-6266-31AF-5994DF44C7D9}" = CCC Help Thai
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76AC1BB4-9240-E9BD-1980-049C7B136D88}" = CCC Help Polish
"{76E1061F-F52A-5064-5226-3CA805053AAE}" = CCC Help Hungarian
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E6ADACE-A692-0F55-710C-27ECE41F0379}" = CCC Help Spanish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E8D8F1-5217-EBEC-1334-350FC4753E3F}" = CCC Help Greek
"{93745F70-C6C1-A0A3-4070-50931D4DF0F4}" = CCC Help Italian
"{960AF47A-C721-AF38-6B61-3FBA0E998777}" = CCC Help Japanese
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3E0AC6-E57F-9213-B14F-A62AA01DAF13}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9213525-8FB5-E5F5-1B11-31C67DDBFEB5}" = PX Profile Update
"{C1472DC4-116F-E566-C9B0-28E8F29F89EF}" = CCC Help Turkish
"{C3F87A81-E917-45C1-A192-3A66579CCCAE}" = CCC Help English
"{C70735BF-BC36-B811-F97F-84AD0600C6CC}" = CCC Help German
"{CA2597F2-B171-3F37-D4EC-33D99FBE7DA0}" = CCC Help Korean
"{CF207ED6-563A-2836-EEFB-E23F2FC7AECE}" = CCC Help Swedish
"{D1A5736E-A103-BB67-00B0-074DA9C47E98}" = CCC Help French
"{D2352180-4B77-3FF2-1C43-4385014C7654}" = CCC Help Danish
"{E1565776-B565-E82C-67E8-0C609BA4A5D9}" = Catalyst Control Center InstallProxy
"{E231E0CB-3F8E-B1F2-2403-EF7ACAC5F8F1}" = CCC Help Finnish
"{EAD24274-B65D-4FC9-98EB-095ABAF69A5D}" = ENVI-met V3.1 BETA 5
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.9.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F00FEE96-5F9F-00F3-203F-E88294A4F1F9}" = CCC Help Russian
"{F6916F3C-9ED5-6447-C02D-BDEB7372EE3A}" = Catalyst Control Center Graphics Previews Vista
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE358D5C-17D5-890E-D97A-171B1A084197}" = CCC Help Chinese Standard
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Counter-Strike" = Counter-Strike 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.22.06.00
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.9.7
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"QuickPar" = QuickPar 0.9
"SopCast" = SopCast 3.4.0
"ST6UNST #1" = Hero Editor V1.04
"TeamViewer 6" = TeamViewer 6
"Travity Happiness_is1" = Travity Happiness 1.0.0.47
"Travity Travel Tool 3_is1" = Travity Travel Tool 3.0.0.55
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Warzone 2100" = Warzone 2100
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2012 08:33:54 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, 
Zeitstempel: 0x4ee1398a  Name des fehlerhaften Moduls: Manager12.exe, Version: 1.0.0.3,
 Zeitstempel: 0x4ee1398a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c469e0  ID des fehlerhaften
 Prozesses: 0x13e8  Startzeit der fehlerhaften Anwendung: 0x01cd98be51b0c7ec  Pfad der
 fehlerhaften Anwendung: D:\Games\FM 12\Manager12.exe  Pfad des fehlerhaften Moduls:
 D:\Games\FM 12\Manager12.exe  Berichtskennung: c52b5da4-04b1-11e2-a346-e7799fda28d3
 
Error - 22.09.2012 08:36:34 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, 
Zeitstempel: 0x4ee1398a  Name des fehlerhaften Moduls: Manager12.exe, Version: 1.0.0.3,
 Zeitstempel: 0x4ee1398a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c469e0  ID des fehlerhaften
 Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01cd98be9300f1ef  Pfad der
 fehlerhaften Anwendung: D:\Games\FM 12\Manager12.exe  Pfad des fehlerhaften Moduls:
 D:\Games\FM 12\Manager12.exe  Berichtskennung: 245d80ea-04b2-11e2-a346-e7799fda28d3
 
Error - 22.09.2012 08:40:08 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, 
Zeitstempel: 0x4ee1398a  Name des fehlerhaften Moduls: Manager12.exe, Version: 1.0.0.3,
 Zeitstempel: 0x4ee1398a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c469e0  ID des fehlerhaften
 Prozesses: 0xe20  Startzeit der fehlerhaften Anwendung: 0x01cd98bf3a58c465  Pfad der
 fehlerhaften Anwendung: D:\Games\FM 12\Manager12.exe  Pfad des fehlerhaften Moduls:
 D:\Games\FM 12\Manager12.exe  Berichtskennung: a3eb0b2a-04b2-11e2-a346-e7799fda28d3
 
Error - 22.09.2012 08:41:35 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, 
Zeitstempel: 0x4ee1398a  Name des fehlerhaften Moduls: Manager12.exe, Version: 1.0.0.3,
 Zeitstempel: 0x4ee1398a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00c469e0  ID des fehlerhaften
 Prozesses: 0x13f8  Startzeit der fehlerhaften Anwendung: 0x01cd98bf6b9677f9  Pfad der
 fehlerhaften Anwendung: D:\Games\FM 12\Manager12.exe  Pfad des fehlerhaften Moduls:
 D:\Games\FM 12\Manager12.exe  Berichtskennung: d7a0ccdf-04b2-11e2-a346-e7799fda28d3
 
Error - 22.09.2012 08:53:27 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, 
Zeitstempel: 0x4ee1398a  Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4ee138a5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00391c1e  ID des fehlerhaften
 Prozesses: 0xac8  Startzeit der fehlerhaften Anwendung: 0x01cd98bf9f04f673  Pfad der
 fehlerhaften Anwendung: D:\Games\FM 12\Manager12.exe  Pfad des fehlerhaften Moduls:
 D:\Games\FM 12\GfxCore.dll  Berichtskennung: 7fe80582-04b4-11e2-a346-e7799fda28d3
 
Error - 27.09.2012 05:53:24 | Computer Name = PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 27.09.2012 06:18:16 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.09.2012 07:03:03 | Computer Name = PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 27.09.2012 07:04:27 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dario\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.09.2012 07:06:31 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1278    Startzeit:
 01cd9c9fe96f20e4    Endzeit: 5    Anwendungspfad: C:\Users\Dario\Desktop\OTL.exe    Berichts-ID:
 615fbf16-0893-11e2-a4f2-f5d80ad31bcb  
 
[ System Events ]
Error - 26.09.2012 19:23:25 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:25 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.09.2012 19:23:30 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.09.2012 04:04:02 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?09.?2012 um 10:02:36 unerwartet heruntergefahren.
 
Error - 27.09.2012 04:25:13 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?09.?2012 um 10:24:02 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

[/QUOTE]


Danke im Vorraus!

Hallo Markus,

Danke fürs Anschauen. Das Malwarebytes logfile passt jetzt. Dateiverschlüsselungen sind mir übrigens bisher noch nicht aufgefallen.


Gruß
__________________

Geändert von Forya (27.09.2012 um 12:56 Uhr)

Alt 27.09.2012, 18:18   #4
markusg
/// Malware-holic
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.09.2012, 15:03   #5
Forya
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Hallo Markus,

zuerstmal wieder Danke für die Mühen.

Bevor ich deine Antwort nach Hochfahren des Rechners lesen konnte, ist mir folgendes aufgefallen (im Vergleich zum Zustand des Herunterfahrens).



Die grauen versteckten Dateien waren vorher nicht auf dem Desktop. Das sind Word Dokumente die ich zwar gespeichert habe, aber nicht so benannt habe und garantiert nicht auf dem Desktop gespeichert sind.

Sie sind auch nachdem Ausführen von Combofix noch auf dem Desktop

Das Logfile von Combofix

[QUOTE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-27.03 - Dario 28.09.2012  15:47:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3956.2641 [GMT 2:00]
ausgeführt von:: c:\users\Dario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSCN1334.JPG
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-28 bis 2012-09-28  ))))))))))))))))))))))))))))))
.
.
2012-09-28 13:51 . 2012-09-28 13:51	--------	d-----w-	c:\users\GuestUser\AppData\Local\temp
2012-09-28 13:51 . 2012-09-28 13:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-27 08:38 . 2012-09-27 08:38	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-27 08:36 . 2012-09-27 08:35	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 08:35 . 2012-09-27 08:35	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-26 22:47 . 2012-09-26 22:47	--------	d-----w-	c:\users\Dario\AppData\Roaming\Malwarebytes
2012-09-26 22:47 . 2012-09-26 22:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 22:47 . 2012-09-26 22:47	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-26 22:47 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-26 22:41 . 2012-09-26 22:55	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-09-26 22:41 . 2012-09-26 22:41	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-09-26 21:10 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-22 09:42 . 2012-08-24 18:05	134144	----a-w-	c:\windows\system32\url.dll
2012-09-21 10:57 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-21 10:57 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-21 10:57 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-21 10:57 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-21 10:57 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-21 10:57 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-21 10:57 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 13:51 . 2012-04-04 21:49	29	----a-w-	c:\windows\SysWow64\TempWmicBatchFile.bat
2012-09-27 08:35 . 2011-08-09 13:19	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-21 21:39 . 2011-08-11 10:12	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-24 13:43 . 2012-08-24 13:43	384352	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2012-07-26 01:21 . 2012-07-26 01:21	291680	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 19:43	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 19:45	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 19:45	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 19:45	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 19:45	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"DAEMON Tools Lite"="d:\programme\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-18 3077528]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-28 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-10 254528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-28 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-28 7455744]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-28 268800]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000Core.job
- c:\users\Dario\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 18:48]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2452110110-1700679425-1830451463-1000UA.job
- c:\users\Dario\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-29 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = about:blank
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Facebook Update - c:\users\Dario\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-Run-systemcpl - c:\users\Dario\AppData\Local\Microsoft\Windows\666\systemcpl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-28  15:53:30
ComboFix-quarantined-files.txt  2012-09-28 13:53
.
Vor Suchlauf: 8 Verzeichnis(se), 29.543.849.984 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 29.702.397.952 Bytes frei
.
- - End Of File - - 2E658A15C87D8CA4882F78DCCF79E62B
         
--- --- ---



Wie ist jetzt eigentlich der Zustand meines Systems? Darüber hast du noch gar nichts gesagt, ob es wirklich richtig schlimm ist

Sollte ich ihn noch weiter benutzen oder für die Zeit einen anderen PC alltäglich benutzen (passwörter etc?)

Grüße, Forya


Alt 28.09.2012, 15:07   #6
markusg
/// Malware-holic
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



hi, passt bisher alles, nichts schlimmes.
die versteckten dateien kannst du löschen, die vom desktop meine ich.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> BKA Trojaner Ukash 1.15 Windows 7

Alt 28.09.2012, 15:19   #7
Forya
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Dann bin ja beruhigt. Die versteckten Dateien haben mir vorhin schon ein bisschTDen erschreckt.

TDSS Killer hat 1 ergebnis gefunden
Zitat:
16:16:40.0378 4936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:16:40.0487 4936 ============================================================
16:16:40.0487 4936 Current date / time: 2012/09/28 16:16:40.0487
16:16:40.0487 4936 SystemInfo:
16:16:40.0487 4936
16:16:40.0487 4936 OS Version: 6.1.7601 ServicePack: 1.0
16:16:40.0487 4936 Product type: Workstation
16:16:40.0487 4936 ComputerName: PC
16:16:40.0487 4936 UserName: Dario
16:16:40.0487 4936 Windows directory: C:\Windows
16:16:40.0487 4936 System windows directory: C:\Windows
16:16:40.0487 4936 Running under WOW64
16:16:40.0487 4936 Processor architecture: Intel x64
16:16:40.0487 4936 Number of processors: 4
16:16:40.0487 4936 Page size: 0x1000
16:16:40.0487 4936 Boot type: Normal boot
16:16:40.0487 4936 ============================================================
16:16:41.0423 4936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:16:41.0439 4936 ============================================================
16:16:41.0439 4936 \Device\Harddisk0\DR0:
16:16:41.0439 4936 MBR partitions:
16:16:41.0439 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:16:41.0439 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
16:16:41.0439 4936 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035800
16:16:41.0439 4936 ============================================================
16:16:41.0455 4936 C: <-> \Device\Harddisk0\DR0\Partition2
16:16:41.0501 4936 D: <-> \Device\Harddisk0\DR0\Partition3
16:16:41.0501 4936 ============================================================
16:16:41.0501 4936 Initialize success
16:16:41.0501 4936 ============================================================
16:17:20.0697 3568 ============================================================
16:17:20.0697 3568 Scan started
16:17:20.0697 3568 Mode: Manual; SigCheck; TDLFS;
16:17:20.0697 3568 ============================================================
16:17:21.0399 3568 ================ Scan system memory ========================
16:17:21.0399 3568 System memory - ok
16:17:21.0399 3568 ================ Scan services =============================
16:17:21.0586 3568 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:17:21.0664 3568 1394ohci - ok
16:17:21.0695 3568 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:17:21.0711 3568 ACPI - ok
16:17:21.0727 3568 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:17:21.0758 3568 AcpiPmi - ok
16:17:21.0820 3568 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:17:21.0836 3568 AdobeARMservice - ok
16:17:21.0883 3568 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:17:21.0914 3568 adp94xx - ok
16:17:21.0945 3568 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:17:21.0961 3568 adpahci - ok
16:17:21.0976 3568 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:17:21.0976 3568 adpu320 - ok
16:17:22.0007 3568 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:17:22.0070 3568 AeLookupSvc - ok
16:17:22.0101 3568 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:17:22.0132 3568 AFD - ok
16:17:22.0163 3568 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:17:22.0179 3568 agp440 - ok
16:17:22.0195 3568 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:17:22.0210 3568 ALG - ok
16:17:22.0241 3568 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:17:22.0241 3568 aliide - ok
16:17:22.0288 3568 [ 032A35825822355FBBCCC63A62AA7728 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:17:22.0304 3568 AMD External Events Utility - ok
16:17:22.0319 3568 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:17:22.0335 3568 amdide - ok
16:17:22.0335 3568 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:17:22.0366 3568 AmdK8 - ok
16:17:22.0491 3568 [ 658054E8D273CE65F4B0B4462C8A7E95 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:17:22.0616 3568 amdkmdag - ok
16:17:22.0647 3568 [ 035CB45C674D05E1330790F36E6BC07C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:17:22.0678 3568 amdkmdap - ok
16:17:22.0694 3568 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:17:22.0725 3568 AmdPPM - ok
16:17:22.0756 3568 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:17:22.0772 3568 amdsata - ok
16:17:22.0787 3568 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:17:22.0803 3568 amdsbs - ok
16:17:22.0819 3568 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:17:22.0834 3568 amdxata - ok
16:17:22.0865 3568 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys
16:17:22.0881 3568 Andbus - ok
16:17:22.0897 3568 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys
16:17:22.0912 3568 AndDiag - ok
16:17:22.0943 3568 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys
16:17:22.0959 3568 AndGps - ok
16:17:22.0990 3568 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys
16:17:23.0006 3568 ANDModem - ok
16:17:23.0053 3568 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:17:23.0099 3568 AppID - ok
16:17:23.0131 3568 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:17:23.0162 3568 AppIDSvc - ok
16:17:23.0177 3568 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:17:23.0224 3568 Appinfo - ok
16:17:23.0255 3568 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:17:23.0271 3568 AppMgmt - ok
16:17:23.0287 3568 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:17:23.0302 3568 arc - ok
16:17:23.0318 3568 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:17:23.0318 3568 arcsas - ok
16:17:23.0427 3568 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:17:23.0443 3568 aspnet_state - ok
16:17:23.0474 3568 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:17:23.0521 3568 AsyncMac - ok
16:17:23.0552 3568 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:17:23.0552 3568 atapi - ok
16:17:23.0630 3568 [ E8E1AE3CAA4C7286D40715336D8A11D4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:17:23.0692 3568 athr - ok
16:17:23.0739 3568 [ FDA1E117A7E880BFF5540D180C06EA87 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:17:23.0770 3568 AtiHDAudioService - ok
16:17:23.0801 3568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:17:23.0879 3568 AudioEndpointBuilder - ok
16:17:23.0879 3568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:17:23.0926 3568 AudioSrv - ok
16:17:24.0082 3568 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
16:17:24.0176 3568 AVGIDSAgent - ok
16:17:24.0207 3568 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:17:24.0223 3568 AVGIDSDriver - ok
16:17:24.0238 3568 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:17:24.0254 3568 AVGIDSFilter - ok
16:17:24.0269 3568 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
16:17:24.0285 3568 AVGIDSHA - ok
16:17:24.0301 3568 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
16:17:24.0301 3568 Avgldx64 - ok
16:17:24.0332 3568 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
16:17:24.0332 3568 Avgmfx64 - ok
16:17:24.0363 3568 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
16:17:24.0363 3568 Avgrkx64 - ok
16:17:24.0394 3568 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
16:17:24.0410 3568 Avgtdia - ok
16:17:24.0425 3568 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:17:24.0441 3568 avgwd - ok
16:17:24.0488 3568 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:17:24.0535 3568 AxInstSV - ok
16:17:24.0566 3568 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:17:24.0597 3568 b06bdrv - ok
16:17:24.0628 3568 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:17:24.0675 3568 b57nd60a - ok
16:17:24.0706 3568 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:17:24.0722 3568 BDESVC - ok
16:17:24.0737 3568 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:17:24.0815 3568 Beep - ok
16:17:24.0862 3568 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:17:24.0909 3568 BFE - ok
16:17:24.0925 3568 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:17:24.0971 3568 BITS - ok
16:17:24.0987 3568 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:17:25.0003 3568 blbdrive - ok
16:17:25.0034 3568 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:17:25.0049 3568 bowser - ok
16:17:25.0065 3568 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:17:25.0081 3568 BrFiltLo - ok
16:17:25.0081 3568 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:17:25.0096 3568 BrFiltUp - ok
16:17:25.0143 3568 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:17:25.0190 3568 BridgeMP - ok
16:17:25.0205 3568 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:17:25.0221 3568 Browser - ok
16:17:25.0237 3568 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:17:25.0268 3568 Brserid - ok
16:17:25.0283 3568 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:17:25.0299 3568 BrSerWdm - ok
16:17:25.0315 3568 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:17:25.0346 3568 BrUsbMdm - ok
16:17:25.0346 3568 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:17:25.0361 3568 BrUsbSer - ok
16:17:25.0377 3568 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:17:25.0408 3568 BTHMODEM - ok
16:17:25.0455 3568 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:17:25.0533 3568 bthserv - ok
16:17:25.0564 3568 catchme - ok
16:17:25.0580 3568 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:17:25.0611 3568 cdfs - ok
16:17:25.0658 3568 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:17:25.0689 3568 cdrom - ok
16:17:25.0720 3568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:17:25.0783 3568 CertPropSvc - ok
16:17:25.0814 3568 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:17:25.0861 3568 circlass - ok
16:17:25.0892 3568 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:17:25.0907 3568 CLFS - ok
16:17:25.0970 3568 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:17:25.0985 3568 clr_optimization_v2.0.50727_32 - ok
16:17:26.0017 3568 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:17:26.0032 3568 clr_optimization_v2.0.50727_64 - ok
16:17:26.0110 3568 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:17:26.0126 3568 clr_optimization_v4.0.30319_32 - ok
16:17:26.0141 3568 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:17:26.0157 3568 clr_optimization_v4.0.30319_64 - ok
16:17:26.0188 3568 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:17:26.0204 3568 CmBatt - ok
16:17:26.0219 3568 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:17:26.0235 3568 cmdide - ok
16:17:26.0282 3568 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:17:26.0313 3568 CNG - ok
16:17:26.0344 3568 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:17:26.0360 3568 Compbatt - ok
16:17:26.0391 3568 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:17:26.0422 3568 CompositeBus - ok
16:17:26.0438 3568 COMSysApp - ok
16:17:26.0453 3568 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:17:26.0469 3568 crcdisk - ok
16:17:26.0516 3568 [ 63A7739AC9C1E38589B3EDB1DAEB9DF5 ] CronService C:\Prey\platform\windows\cronsvc.exe
16:17:26.0531 3568 CronService ( UnsignedFile.Multi.Generic ) - warning
16:17:26.0531 3568 CronService - detected UnsignedFile.Multi.Generic (1)
16:17:26.0563 3568 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:17:26.0594 3568 CryptSvc - ok
16:17:26.0625 3568 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:17:26.0656 3568 CSC - ok
16:17:26.0687 3568 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:17:26.0750 3568 CscService - ok
16:17:26.0765 3568 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
16:17:26.0781 3568 CVirtA - ok
16:17:26.0875 3568 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
16:17:26.0921 3568 CVPND - ok
16:17:26.0968 3568 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
16:17:26.0968 3568 CVPNDRVA - ok
16:17:27.0015 3568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:17:27.0062 3568 DcomLaunch - ok
16:17:27.0093 3568 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:17:27.0140 3568 defragsvc - ok
16:17:27.0171 3568 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:17:27.0233 3568 DfsC - ok
16:17:27.0249 3568 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:17:27.0296 3568 Dhcp - ok
16:17:27.0311 3568 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:17:27.0343 3568 discache - ok
16:17:27.0374 3568 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:17:27.0374 3568 Disk - ok
16:17:27.0405 3568 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
16:17:27.0405 3568 DNE - ok
16:17:27.0452 3568 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:17:27.0467 3568 Dnscache - ok
16:17:27.0499 3568 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:17:27.0545 3568 dot3svc - ok
16:17:27.0577 3568 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:17:27.0623 3568 DPS - ok
16:17:27.0655 3568 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:17:27.0717 3568 drmkaud - ok
16:17:27.0811 3568 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:17:27.0826 3568 dtsoftbus01 - ok
16:17:27.0842 3568 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:17:27.0873 3568 DXGKrnl - ok
16:17:27.0904 3568 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:17:27.0967 3568 EapHost - ok
16:17:28.0029 3568 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:17:28.0091 3568 ebdrv - ok
16:17:28.0123 3568 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:17:28.0138 3568 EFS - ok
16:17:28.0185 3568 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:17:28.0216 3568 ehRecvr - ok
16:17:28.0232 3568 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:17:28.0247 3568 ehSched - ok
16:17:28.0294 3568 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:17:28.0310 3568 elxstor - ok
16:17:28.0341 3568 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:17:28.0372 3568 ErrDev - ok
16:17:28.0403 3568 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:17:28.0450 3568 EventSystem - ok
16:17:28.0497 3568 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:17:28.0544 3568 exfat - ok
16:17:28.0559 3568 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:17:28.0622 3568 fastfat - ok
16:17:28.0653 3568 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:17:28.0669 3568 Fax - ok
16:17:28.0684 3568 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:17:28.0684 3568 fdc - ok
16:17:28.0715 3568 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:17:28.0747 3568 fdPHost - ok
16:17:28.0762 3568 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:17:28.0793 3568 FDResPub - ok
16:17:28.0809 3568 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:17:28.0825 3568 FileInfo - ok
16:17:28.0825 3568 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:17:28.0871 3568 Filetrace - ok
16:17:28.0887 3568 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:17:28.0903 3568 flpydisk - ok
16:17:28.0934 3568 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:17:28.0949 3568 FltMgr - ok
16:17:28.0981 3568 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:17:29.0012 3568 FontCache - ok
16:17:29.0059 3568 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:17:29.0074 3568 FontCache3.0.0.0 - ok
16:17:29.0090 3568 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:17:29.0105 3568 FsDepends - ok
16:17:29.0137 3568 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:17:29.0137 3568 Fs_Rec - ok
16:17:29.0183 3568 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:17:29.0199 3568 fvevol - ok
16:17:29.0230 3568 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:17:29.0230 3568 gagp30kx - ok
16:17:29.0261 3568 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:17:29.0324 3568 gpsvc - ok
16:17:29.0355 3568 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:17:29.0386 3568 hcw85cir - ok
16:17:29.0433 3568 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:17:29.0464 3568 HdAudAddService - ok
16:17:29.0480 3568 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:17:29.0511 3568 HDAudBus - ok
16:17:29.0527 3568 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:17:29.0542 3568 HidBatt - ok
16:17:29.0558 3568 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:17:29.0573 3568 HidBth - ok
16:17:29.0589 3568 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:17:29.0605 3568 HidIr - ok
16:17:29.0620 3568 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:17:29.0683 3568 hidserv - ok
16:17:29.0714 3568 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:17:29.0729 3568 HidUsb - ok
16:17:29.0761 3568 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:17:29.0807 3568 hkmsvc - ok
16:17:29.0839 3568 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:17:29.0901 3568 HomeGroupListener - ok
16:17:29.0917 3568 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:17:29.0948 3568 HomeGroupProvider - ok
16:17:29.0963 3568 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:17:29.0979 3568 HpSAMD - ok
16:17:30.0010 3568 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:17:30.0073 3568 HTTP - ok
16:17:30.0104 3568 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:17:30.0119 3568 huawei_enumerator - ok
16:17:30.0151 3568 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:17:30.0166 3568 hwpolicy - ok
16:17:30.0197 3568 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:17:30.0213 3568 i8042prt - ok
16:17:30.0244 3568 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:17:30.0260 3568 iaStorV - ok
16:17:30.0291 3568 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:17:30.0338 3568 idsvc - ok
16:17:30.0354 3568 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:17:30.0354 3568 iirsp - ok
16:17:30.0385 3568 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:17:30.0478 3568 IKEEXT - ok
16:17:30.0478 3568 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:17:30.0494 3568 intelide - ok
16:17:30.0510 3568 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:17:30.0541 3568 intelppm - ok
16:17:30.0572 3568 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:17:30.0634 3568 IPBusEnum - ok
16:17:30.0666 3568 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:17:30.0697 3568 IpFilterDriver - ok
16:17:30.0728 3568 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:17:30.0790 3568 iphlpsvc - ok
16:17:30.0822 3568 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:17:30.0837 3568 IPMIDRV - ok
16:17:30.0868 3568 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:17:30.0900 3568 IPNAT - ok
16:17:30.0931 3568 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:17:30.0946 3568 IRENUM - ok
16:17:30.0978 3568 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:17:30.0978 3568 isapnp - ok
16:17:30.0993 3568 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:17:31.0009 3568 iScsiPrt - ok
16:17:31.0040 3568 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:17:31.0056 3568 kbdclass - ok
16:17:31.0071 3568 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:17:31.0087 3568 kbdhid - ok
16:17:31.0102 3568 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:17:31.0118 3568 KeyIso - ok
16:17:31.0134 3568 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:17:31.0149 3568 KSecDD - ok
16:17:31.0165 3568 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:17:31.0180 3568 KSecPkg - ok
16:17:31.0196 3568 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:17:31.0243 3568 ksthunk - ok
16:17:31.0258 3568 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:17:31.0321 3568 KtmRm - ok
16:17:31.0336 3568 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:17:31.0399 3568 LanmanServer - ok
16:17:31.0430 3568 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:17:31.0461 3568 LanmanWorkstation - ok
16:17:31.0477 3568 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:17:31.0524 3568 lltdio - ok
16:17:31.0539 3568 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:17:31.0602 3568 lltdsvc - ok
16:17:31.0617 3568 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:17:31.0648 3568 lmhosts - ok
16:17:31.0680 3568 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:17:31.0695 3568 LSI_FC - ok
16:17:31.0726 3568 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:17:31.0726 3568 LSI_SAS - ok
16:17:31.0742 3568 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:17:31.0758 3568 LSI_SAS2 - ok
16:17:31.0804 3568 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:17:31.0820 3568 LSI_SCSI - ok
16:17:31.0836 3568 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:17:31.0867 3568 luafv - ok
16:17:31.0898 3568 massfilter - ok
16:17:31.0929 3568 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:17:31.0945 3568 MBAMProtector - ok
16:17:31.0992 3568 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:17:32.0023 3568 MBAMScheduler - ok
16:17:32.0038 3568 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:17:32.0070 3568 MBAMService - ok
16:17:32.0085 3568 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:17:32.0101 3568 Mcx2Svc - ok
16:17:32.0116 3568 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:17:32.0132 3568 megasas - ok
16:17:32.0148 3568 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:17:32.0163 3568 MegaSR - ok
16:17:32.0226 3568 Microsoft SharePoint Workspace Audit Service - ok
16:17:32.0257 3568 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:17:32.0319 3568 MMCSS - ok
16:17:32.0335 3568 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:17:32.0382 3568 Modem - ok
16:17:32.0397 3568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:17:32.0413 3568 monitor - ok
16:17:32.0444 3568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:17:32.0444 3568 mouclass - ok
16:17:32.0475 3568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:17:32.0506 3568 mouhid - ok
16:17:32.0538 3568 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:17:32.0538 3568 mountmgr - ok
16:17:32.0553 3568 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:17:32.0569 3568 mpio - ok
16:17:32.0584 3568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:17:32.0631 3568 mpsdrv - ok
16:17:32.0662 3568 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:17:32.0725 3568 MpsSvc - ok
16:17:32.0740 3568 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:17:32.0772 3568 MRxDAV - ok
16:17:32.0787 3568 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:17:32.0818 3568 mrxsmb - ok
16:17:32.0834 3568 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:17:32.0865 3568 mrxsmb10 - ok
16:17:32.0881 3568 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:17:32.0896 3568 mrxsmb20 - ok
16:17:32.0912 3568 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:17:32.0928 3568 msahci - ok
16:17:32.0943 3568 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:17:32.0959 3568 msdsm - ok
16:17:32.0974 3568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:17:33.0006 3568 MSDTC - ok
16:17:33.0021 3568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:17:33.0052 3568 Msfs - ok
16:17:33.0068 3568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:17:33.0115 3568 mshidkmdf - ok
16:17:33.0130 3568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:17:33.0130 3568 msisadrv - ok
16:17:33.0162 3568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:17:33.0193 3568 MSiSCSI - ok
16:17:33.0208 3568 msiserver - ok
16:17:33.0240 3568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:17:33.0302 3568 MSKSSRV - ok
16:17:33.0318 3568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:17:33.0349 3568 MSPCLOCK - ok
16:17:33.0364 3568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:17:33.0396 3568 MSPQM - ok
16:17:33.0427 3568 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:17:33.0442 3568 MsRPC - ok
16:17:33.0442 3568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:17:33.0458 3568 mssmbios - ok
16:17:33.0474 3568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:17:33.0505 3568 MSTEE - ok
16:17:33.0520 3568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:17:33.0536 3568 MTConfig - ok
16:17:33.0552 3568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:17:33.0567 3568 Mup - ok
16:17:33.0583 3568 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:17:33.0645 3568 napagent - ok
16:17:33.0676 3568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:17:33.0708 3568 NativeWifiP - ok
16:17:33.0754 3568 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:17:33.0786 3568 NDIS - ok
16:17:33.0801 3568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:17:33.0832 3568 NdisCap - ok
16:17:33.0864 3568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:17:33.0926 3568 NdisTapi - ok
16:17:33.0942 3568 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:17:33.0973 3568 Ndisuio - ok
16:17:34.0004 3568 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:17:34.0051 3568 NdisWan - ok
16:17:34.0066 3568 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:17:34.0113 3568 NDProxy - ok
16:17:34.0129 3568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:17:34.0160 3568 NetBIOS - ok
16:17:34.0191 3568 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:17:34.0222 3568 NetBT - ok
16:17:34.0238 3568 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:17:34.0238 3568 Netlogon - ok
16:17:34.0269 3568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:17:34.0316 3568 Netman - ok
16:17:34.0378 3568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:17:34.0394 3568 NetMsmqActivator - ok
16:17:34.0410 3568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:17:34.0441 3568 NetPipeActivator - ok
16:17:34.0456 3568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:17:34.0534 3568 netprofm - ok
16:17:34.0550 3568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:17:34.0550 3568 NetTcpActivator - ok
16:17:34.0566 3568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:17:34.0566 3568 NetTcpPortSharing - ok
16:17:34.0597 3568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:17:34.0612 3568 nfrd960 - ok
16:17:34.0628 3568 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:17:34.0675 3568 NlaSvc - ok
16:17:34.0690 3568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:17:34.0722 3568 Npfs - ok
16:17:34.0737 3568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:17:34.0784 3568 nsi - ok
16:17:34.0784 3568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:17:34.0831 3568 nsiproxy - ok
16:17:34.0878 3568 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:17:34.0909 3568 Ntfs - ok
16:17:34.0924 3568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:17:34.0971 3568 Null - ok
16:17:35.0002 3568 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:17:35.0034 3568 nvraid - ok
16:17:35.0049 3568 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:17:35.0049 3568 nvstor - ok
16:17:35.0080 3568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:17:35.0096 3568 nv_agp - ok
16:17:35.0112 3568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:17:35.0127 3568 ohci1394 - ok
16:17:35.0190 3568 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:17:35.0205 3568 ose64 - ok
16:17:35.0314 3568 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:17:35.0424 3568 osppsvc - ok
16:17:35.0455 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:17:35.0470 3568 p2pimsvc - ok
16:17:35.0502 3568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:17:35.0517 3568 p2psvc - ok
16:17:35.0533 3568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:17:35.0548 3568 Parport - ok
16:17:35.0564 3568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:17:35.0580 3568 partmgr - ok
16:17:35.0595 3568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:17:35.0611 3568 PcaSvc - ok
16:17:35.0642 3568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:17:35.0642 3568 pci - ok
16:17:35.0658 3568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:17:35.0673 3568 pciide - ok
16:17:35.0689 3568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:17:35.0704 3568 pcmcia - ok
16:17:35.0720 3568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:17:35.0720 3568 pcw - ok
16:17:35.0751 3568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:17:35.0798 3568 PEAUTH - ok
16:17:35.0845 3568 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:17:35.0876 3568 PeerDistSvc - ok
16:17:35.0954 3568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:17:35.0985 3568 PerfHost - ok
16:17:36.0032 3568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:17:36.0110 3568 pla - ok
16:17:36.0172 3568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:17:36.0204 3568 PlugPlay - ok
16:17:36.0219 3568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:17:36.0250 3568 PNRPAutoReg - ok
16:17:36.0266 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:17:36.0297 3568 PNRPsvc - ok
16:17:36.0313 3568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:17:36.0375 3568 PolicyAgent - ok
16:17:36.0406 3568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:17:36.0469 3568 Power - ok
16:17:36.0500 3568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:17:36.0531 3568 PptpMiniport - ok
16:17:36.0562 3568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:17:36.0594 3568 Processor - ok
16:17:36.0609 3568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:17:36.0640 3568 ProfSvc - ok
16:17:36.0656 3568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:17:36.0672 3568 ProtectedStorage - ok
16:17:36.0703 3568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:17:36.0750 3568 Psched - ok
16:17:36.0796 3568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:17:36.0828 3568 ql2300 - ok
16:17:36.0843 3568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:17:36.0859 3568 ql40xx - ok
16:17:36.0874 3568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:17:36.0906 3568 QWAVE - ok
16:17:36.0937 3568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:17:36.0968 3568 QWAVEdrv - ok
16:17:36.0984 3568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:17:37.0030 3568 RasAcd - ok
16:17:37.0046 3568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:17:37.0108 3568 RasAgileVpn - ok
16:17:37.0108 3568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:17:37.0155 3568 RasAuto - ok
16:17:37.0171 3568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:17:37.0218 3568 Rasl2tp - ok
16:17:37.0249 3568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:17:37.0296 3568 RasMan - ok
16:17:37.0311 3568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:17:37.0358 3568 RasPppoe - ok
16:17:37.0374 3568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:17:37.0405 3568 RasSstp - ok
16:17:37.0452 3568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:17:37.0498 3568 rdbss - ok
16:17:37.0514 3568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:17:37.0545 3568 rdpbus - ok
16:17:37.0561 3568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:17:37.0592 3568 RDPCDD - ok
16:17:37.0608 3568 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:17:37.0623 3568 RDPDR - ok
16:17:37.0639 3568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:17:37.0670 3568 RDPENCDD - ok
16:17:37.0686 3568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:17:37.0717 3568 RDPREFMP - ok
16:17:37.0748 3568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:17:37.0748 3568 RDPWD - ok
16:17:37.0779 3568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:17:37.0795 3568 rdyboost - ok
16:17:37.0810 3568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:17:37.0857 3568 RemoteAccess - ok
16:17:37.0888 3568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:17:37.0935 3568 RemoteRegistry - ok
16:17:37.0951 3568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:17:37.0998 3568 RpcEptMapper - ok
16:17:38.0013 3568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:17:38.0029 3568 RpcLocator - ok
16:17:38.0044 3568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:17:38.0076 3568 RpcSs - ok
16:17:38.0107 3568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:17:38.0138 3568 rspndr - ok
16:17:38.0169 3568 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:17:38.0185 3568 s3cap - ok
16:17:38.0200 3568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:17:38.0200 3568 SamSs - ok
16:17:38.0216 3568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:17:38.0232 3568 sbp2port - ok
16:17:38.0325 3568 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:17:38.0356 3568 SBSDWSCService - ok
16:17:38.0372 3568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:17:38.0419 3568 SCardSvr - ok
16:17:38.0434 3568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:17:38.0481 3568 scfilter - ok
16:17:38.0512 3568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:17:38.0559 3568 Schedule - ok
16:17:38.0590 3568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:17:38.0622 3568 SCPolicySvc - ok
16:17:38.0653 3568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:17:38.0668 3568 SDRSVC - ok
16:17:38.0700 3568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:17:38.0731 3568 secdrv - ok
16:17:38.0746 3568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:17:38.0793 3568 seclogon - ok
16:17:38.0809 3568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:17:38.0840 3568 SENS - ok
16:17:38.0856 3568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:17:38.0887 3568 SensrSvc - ok
16:17:38.0902 3568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:17:38.0934 3568 Serenum - ok
16:17:38.0965 3568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:17:38.0980 3568 Serial - ok
16:17:39.0012 3568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:17:39.0027 3568 sermouse - ok
16:17:39.0058 3568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:17:39.0105 3568 SessionEnv - ok
16:17:39.0136 3568 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:17:39.0168 3568 sffdisk - ok
16:17:39.0183 3568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:17:39.0214 3568 sffp_mmc - ok
16:17:39.0230 3568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:17:39.0261 3568 sffp_sd - ok
16:17:39.0261 3568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:17:39.0292 3568 sfloppy - ok
16:17:39.0339 3568 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:17:39.0417 3568 SharedAccess - ok
16:17:39.0448 3568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:17:39.0495 3568 ShellHWDetection - ok
16:17:39.0526 3568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:17:39.0526 3568 SiSRaid2 - ok
16:17:39.0542 3568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:17:39.0558 3568 SiSRaid4 - ok
16:17:39.0620 3568 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:17:39.0651 3568 SkypeUpdate - ok
16:17:39.0682 3568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:17:39.0745 3568 Smb - ok
16:17:39.0776 3568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:17:39.0792 3568 SNMPTRAP - ok
16:17:39.0792 3568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:17:39.0807 3568 spldr - ok
16:17:39.0823 3568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:17:39.0838 3568 Spooler - ok
16:17:39.0932 3568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:17:40.0010 3568 sppsvc - ok
16:17:40.0026 3568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:17:40.0057 3568 sppuinotify - ok
16:17:40.0088 3568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:17:40.0104 3568 srv - ok
16:17:40.0135 3568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:17:40.0166 3568 srv2 - ok
16:17:40.0182 3568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:17:40.0197 3568 srvnet - ok
16:17:40.0228 3568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:17:40.0275 3568 SSDPSRV - ok
16:17:40.0275 3568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:17:40.0322 3568 SstpSvc - ok
16:17:40.0338 3568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:17:40.0338 3568 stexstor - ok
16:17:40.0369 3568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:17:40.0416 3568 stisvc - ok
16:17:40.0447 3568 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:17:40.0447 3568 storflt - ok
16:17:40.0478 3568 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:17:40.0494 3568 StorSvc - ok
16:17:40.0509 3568 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:17:40.0509 3568 storvsc - ok
16:17:40.0540 3568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:17:40.0540 3568 swenum - ok
16:17:40.0572 3568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:17:40.0618 3568 swprv - ok
16:17:40.0665 3568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:17:40.0743 3568 SysMain - ok
16:17:40.0759 3568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:17:40.0790 3568 TabletInputService - ok
16:17:40.0806 3568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:17:40.0852 3568 TapiSrv - ok
16:17:40.0868 3568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:17:40.0915 3568 TBS - ok
16:17:40.0962 3568 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:17:41.0024 3568 Tcpip - ok
16:17:41.0055 3568 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:17:41.0086 3568 TCPIP6 - ok
16:17:41.0118 3568 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:17:41.0180 3568 tcpipreg - ok
16:17:41.0211 3568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:17:41.0227 3568 TDPIPE - ok
16:17:41.0258 3568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:17:41.0289 3568 TDTCP - ok
16:17:41.0320 3568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:17:41.0367 3568 tdx - ok
16:17:41.0445 3568 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:17:41.0492 3568 TeamViewer6 - ok
16:17:41.0508 3568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:17:41.0523 3568 TermDD - ok
16:17:41.0554 3568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:17:41.0586 3568 TermService - ok
16:17:41.0617 3568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:17:41.0648 3568 Themes - ok
16:17:41.0648 3568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:17:41.0695 3568 THREADORDER - ok
16:17:41.0695 3568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:17:41.0742 3568 TrkWks - ok
16:17:41.0773 3568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:17:41.0820 3568 TrustedInstaller - ok
16:17:41.0835 3568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:17:41.0866 3568 tssecsrv - ok
16:17:41.0898 3568 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:17:41.0944 3568 TsUsbFlt - ok
16:17:41.0976 3568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:17:42.0022 3568 tunnel - ok
16:17:42.0054 3568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:17:42.0054 3568 uagp35 - ok
16:17:42.0100 3568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:17:42.0194 3568 udfs - ok
16:17:42.0210 3568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:17:42.0225 3568 UI0Detect - ok
16:17:42.0241 3568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:17:42.0256 3568 uliagpkx - ok
16:17:42.0272 3568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:17:42.0288 3568 umbus - ok
16:17:42.0303 3568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:17:42.0319 3568 UmPass - ok
16:17:42.0350 3568 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:17:42.0381 3568 UmRdpService - ok
16:17:42.0397 3568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:17:42.0444 3568 upnphost - ok
16:17:42.0459 3568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:17:42.0475 3568 usbccgp - ok
16:17:42.0490 3568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:17:42.0506 3568 usbcir - ok
16:17:42.0522 3568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:17:42.0537 3568 usbehci - ok
16:17:42.0537 3568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:17:42.0553 3568 usbhub - ok
16:17:42.0568 3568 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:17:42.0600 3568 usbohci - ok
16:17:42.0615 3568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:17:42.0631 3568 usbprint - ok
16:17:42.0662 3568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:17:42.0678 3568 USBSTOR - ok
16:17:42.0693 3568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:17:42.0709 3568 usbuhci - ok
16:17:42.0740 3568 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:17:42.0756 3568 usbvideo - ok
16:17:42.0787 3568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:17:42.0834 3568 UxSms - ok
16:17:42.0849 3568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:17:42.0865 3568 VaultSvc - ok
16:17:42.0880 3568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:17:42.0880 3568 vdrvroot - ok
16:17:42.0912 3568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:17:42.0958 3568 vds - ok
16:17:42.0974 3568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:17:43.0005 3568 vga - ok
16:17:43.0021 3568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:17:43.0068 3568 VgaSave - ok
16:17:43.0099 3568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:17:43.0099 3568 vhdmp - ok
16:17:43.0130 3568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:17:43.0146 3568 viaide - ok
16:17:43.0161 3568 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:17:43.0177 3568 vmbus - ok
16:17:43.0192 3568 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:17:43.0192 3568 VMBusHID - ok
16:17:43.0208 3568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:17:43.0224 3568 volmgr - ok
16:17:43.0239 3568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:17:43.0255 3568 volmgrx - ok
16:17:43.0270 3568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:17:43.0286 3568 volsnap - ok
16:17:43.0333 3568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:17:43.0348 3568 vsmraid - ok
16:17:43.0395 3568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:17:43.0473 3568 VSS - ok
16:17:43.0489 3568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:17:43.0504 3568 vwifibus - ok
16:17:43.0536 3568 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:17:43.0551 3568 vwififlt - ok
16:17:43.0582 3568 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:17:43.0614 3568 vwifimp - ok
16:17:43.0645 3568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:17:43.0692 3568 W32Time - ok
16:17:43.0723 3568 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:17:43.0770 3568 WacomPen - ok
16:17:43.0894 3568 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:17:43.0988 3568 WANARP - ok
16:17:44.0004 3568 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:17:44.0035 3568 Wanarpv6 - ok
16:17:44.0097 3568 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:17:44.0144 3568 WatAdminSvc - ok
16:17:44.0175 3568 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:17:44.0206 3568 wbengine - ok
16:17:44.0222 3568 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:17:44.0238 3568 WbioSrvc - ok
16:17:44.0253 3568 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:17:44.0300 3568 wcncsvc - ok
16:17:44.0316 3568 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:17:44.0331 3568 WcsPlugInService - ok
16:17:44.0347 3568 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:17:44.0347 3568 Wd - ok
16:17:44.0378 3568 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:17:44.0394 3568 Wdf01000 - ok
16:17:44.0409 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:17:44.0425 3568 WdiServiceHost - ok
16:17:44.0440 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:17:44.0456 3568 WdiSystemHost - ok
16:17:44.0472 3568 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:17:44.0487 3568 WebClient - ok
16:17:44.0518 3568 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:17:44.0596 3568 Wecsvc - ok
16:17:44.0628 3568 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:17:44.0690 3568 wercplsupport - ok
16:17:44.0690 3568 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:17:44.0721 3568 WerSvc - ok
16:17:44.0752 3568 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:17:44.0784 3568 WfpLwf - ok
16:17:44.0799 3568 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:17:44.0815 3568 WIMMount - ok
16:17:44.0830 3568 WinDefend - ok
16:17:44.0846 3568 WinHttpAutoProxySvc - ok
16:17:44.0893 3568 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:17:44.0955 3568 Winmgmt - ok
16:17:45.0018 3568 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:17:45.0080 3568 WinRM - ok
16:17:45.0127 3568 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:17:45.0142 3568 WinUsb - ok
16:17:45.0158 3568 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:17:45.0189 3568 Wlansvc - ok
16:17:45.0220 3568 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:17:45.0236 3568 WmiAcpi - ok
16:17:45.0267 3568 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:17:45.0283 3568 wmiApSrv - ok
16:17:45.0298 3568 WMPNetworkSvc - ok
16:17:45.0314 3568 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:17:45.0314 3568 WPCSvc - ok
16:17:45.0345 3568 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:17:45.0361 3568 WPDBusEnum - ok
16:17:45.0376 3568 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:17:45.0423 3568 ws2ifsl - ok
16:17:45.0439 3568 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:17:45.0470 3568 wscsvc - ok
16:17:45.0470 3568 WSearch - ok
16:17:45.0532 3568 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:17:45.0579 3568 wuauserv - ok
16:17:45.0595 3568 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:17:45.0626 3568 WudfPf - ok
16:17:45.0657 3568 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:17:45.0688 3568 WUDFRd - ok
16:17:45.0720 3568 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:17:45.0782 3568 wudfsvc - ok
16:17:45.0798 3568 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:17:45.0829 3568 WwanSvc - ok
16:17:45.0860 3568 ================ Scan global ===============================
16:17:45.0876 3568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:17:45.0907 3568 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:17:45.0907 3568 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:17:45.0938 3568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:17:45.0969 3568 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:17:45.0969 3568 [Global] - ok
16:17:45.0969 3568 ================ Scan MBR ==================================
16:17:45.0985 3568 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:17:46.0203 3568 \Device\Harddisk0\DR0 - ok
16:17:46.0219 3568 ================ Scan VBR ==================================
16:17:46.0219 3568 [ ADF7F5220ACED9C6CB44ECDDEEEEA68F ] \Device\Harddisk0\DR0\Partition1
16:17:46.0219 3568 \Device\Harddisk0\DR0\Partition1 - ok
16:17:46.0250 3568 [ 630C7AE6B263E160B0EBD3C0BAC9C216 ] \Device\Harddisk0\DR0\Partition2
16:17:46.0250 3568 \Device\Harddisk0\DR0\Partition2 - ok
16:17:46.0266 3568 [ D7B8D0F76E7C6EE1ABA6804652C609F3 ] \Device\Harddisk0\DR0\Partition3
16:17:46.0266 3568 \Device\Harddisk0\DR0\Partition3 - ok
16:17:46.0266 3568 ============================================================
16:17:46.0266 3568 Scan finished
16:17:46.0266 3568 ============================================================
16:17:46.0281 3272 Detected object count: 1
16:17:46.0281 3272 Actual detected object count: 1
16:17:56.0967 3272 CronService ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:56.0967 3272 CronService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 28.09.2012, 17:10   #8
markusg
/// Malware-holic
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



ist ok, keine gefahr geht von dem objekt aus.

lade den CCleaner standard:
CCleaner Download - CCleaner 3.23.1823
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.09.2012, 18:06   #9
Forya
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



Hallo Markus,

Auftrag erledigt, die liste ist im anhang.

Soll ich eigentlich nochmal Malwarebytes und OTL durchlaufen lassen und schauen was angezeigt wird?

Beste Grüße & Danke, Forya

hier das install.txt file

Alt 03.10.2012, 18:50   #10
markusg
/// Malware-holic
 
BKA Trojaner Ukash 1.15 Windows 7 - Standard

BKA Trojaner Ukash 1.15 Windows 7



sorry für die wartezeit, deinstlaiere:
Facebook Video Calling

öffne otl bereinigen, pc startet neu
öffne ccleaner, analysieren starten, pc neustarten
wenn er läuft wie gewünscht, absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu BKA Trojaner Ukash 1.15 Windows 7
administrator, anti-malware, appdata, autostart, browser, dateien, explorer, forum, helper, keine kontrolle, löschen, malwarebytes, microsoft, pup.adbundle, pup.vshareredir, software, spybot, trojan.agent, trojan.ransom.fgen, trojaner, updates, windows, zugriff




Ähnliche Themen: BKA Trojaner Ukash 1.15 Windows 7


  1. Windows XP Professional: Ukash-Trojaner entfernen.
    Log-Analyse und Auswertung - 28.12.2013 (10)
  2. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  3. Ukash Trojaner 2.10 Windows 7
    Plagegeister aller Art und deren Bekämpfung - 12.02.2013 (2)
  4. Windows 8 Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (7)
  5. Ukash Trojaner unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (5)
  6. Ukash Trojaner auf Windows XP
    Log-Analyse und Auswertung - 09.08.2012 (4)
  7. GVU Windows Trojaner (100 Euro Ukash)
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (17)
  8. BKA-Ukash Trojaner - Windows 7
    Log-Analyse und Auswertung - 27.06.2012 (34)
  9. Windows Update Trojaner (ukash, 256Bit AES, 100€)
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (5)
  10. Ukash 100€ Trojaner Windows XP SP3 PC infiziert
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (47)
  11. UKash Windows Secure Trojaner mit Windows XP eingefangen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  12. Verschlüsselungs-Trojaner - Windows Update/Ukash
    Plagegeister aller Art und deren Bekämpfung - 24.05.2012 (1)
  13. Windows Trojaner mit ukash code
    Log-Analyse und Auswertung - 01.05.2012 (7)
  14. Ukash Trojaner Windows 7 (64 Bit)
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (3)
  15. Ukash Trojaner Windows 7 64bit
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (3)
  16. UKash Windows Security Trojaner
    Log-Analyse und Auswertung - 01.04.2012 (11)
  17. Windows-Kopie Trojaner wie BKA/ Ukash
    Log-Analyse und Auswertung - 21.08.2011 (5)

Zum Thema BKA Trojaner Ukash 1.15 Windows 7 - Hallo liebes Forum, ich hab mir seit gestern den BKA Trojaner eingefangen, nachdem ich aufgrund von meiner Zeit im Ausland einige Updates nicht gemacht hatte (Java und Service Pack!) Anfangs - BKA Trojaner Ukash 1.15 Windows 7...
Archiv
Du betrachtest: BKA Trojaner Ukash 1.15 Windows 7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.