
Log Analysis and Evaluation: GVU Trojan 2.07 on Windows Vista


25.10.2012, 15:08   #1
Horstmann
 
GVU Trojan 2.07 on Windows Vista

Hello,

Unfortunately I too have caught a GVU Trojan and would like to ask you for help. I followed the instructions on Trojaner Board and have attached the log files. OTL logfile:
Code:
OTL logfile created on: 23.10.2012 21:10:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,08% Memory free
4,23 Gb Paging File | 2,45 Gb Available in Paging File | 57,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,59 Gb Free Space | 6,75% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
 
Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
PRC - [2012.10.12 12:27:54 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012.10.11 22:15:43 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 21:04:06 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.12 10:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.11 22:15:52 | 002,111,456 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.10.11 22:15:50 | 000,157,664 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.10.11 22:15:50 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.09.22 19:24:34 | 000,008,704 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Thunderbird\Profiles\hayg3c5x.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012.08.23 15:16:44 | 001,193,176 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2012.10.12 12:27:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.11 22:15:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.06 19:19:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.08.10 15:22:38 | 002,200,832 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe -- (acssrv)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.15 11:55:14 | 000,431,384 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\pcouffin.sys -- (pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arian\AppData\Local\Temp\fxldypow.sys -- (fxldypow)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:24 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.08.19 17:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.06.15 15:21:16 | 000,338,520 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2011.06.15 15:21:12 | 000,084,312 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011.06.15 15:21:10 | 000,078,656 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011.06.15 15:21:04 | 000,764,880 | ---- | M] (Agnitum Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2011.03.28 19:53:12 | 000,033,880 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2011.02.02 18:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2011.01.14 20:11:15 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2011.01.05 21:18:25 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.01.05 21:18:25 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011.01.05 21:18:07 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.01.05 21:17:56 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.12.02 23:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.09.28 13:03:09 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2010.09.28 13:03:09 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2010.09.28 13:03:09 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2010.09.28 13:03:09 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2010.09.28 13:03:09 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2010.02.19 17:56:18 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.02.19 17:56:18 | 000,034,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009.09.02 15:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.04.23 11:42:08 | 000,564,088 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.03.17 18:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007.10.04 22:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.08 07:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.12.08 14:02:50 | 000,275,072 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDvid.sys -- (APL531)
DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 16:01:42 | 000,024,192 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camfilt.sys -- (camfilt)
DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006.08.17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.09.29 12:45:08 | 000,026,356 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\I-magic.sys -- (TACXDEV)
DRV - [2004.07.26 11:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070405
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {BD7AF474-87E6-4D84-91DB-6E20CABD2968}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60342
IE - HKCU\..\SearchScopes\{624F85FF-C226-4D55-BEDB-9947BC90BD07}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_deDE321
IE - HKCU\..\SearchScopes\{BD7AF474-87E6-4D84-91DB-6E20CABD2968}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Arian\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.26 14:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Arian\Program Files\DNA [2009.02.19 17:02:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
 
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.05.22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.14 22:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions
[2010.04.29 09:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.04 01:30:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.18 20:52:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007.09.25 23:13:09 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.11.10 23:07:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\firefox@tvunetworks.com
[2012.09.15 18:00:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\ich@maltegoetz.de
[2011.11.24 19:57:12 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\anticontainer@downthemall.net.xpi
[2012.10.14 22:41:15 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.10.11 15:02:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 14:38:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.15 17:11:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.14 22:37:03 | 000,000,944 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\searchplugins\icqplugin.xml
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.10.12 16:07:15 | 000,000,000 | ---D | M] ("Yummy CONDUIT Player") -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net
[2012.10.12 16:07:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.12 16:07:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 16:07:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.10.12 16:07:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 16:07:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 16:07:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 16:07:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Gmail = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008.01.20 16:29:03 | 000,223,006 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 7827 more lines...
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TomTom] C:\Users\Arian\AppData\Roaming\E80161\E80161.exe ()
O4 - HKCU..\Run: [Xileobmyw] C:\Users\Arian\AppData\Roaming\Gybaz\dulik.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
F3 - HKCU WinNT: Load - (C:\Users\Arian\LOCALS~1\Temp\mswgqqq.com) -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF018CD-C243-4E7B-B0DC-380877BB67CA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00ED8B3-C96D-49B1-8E48-CCA13BA1D7AE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67292b95-71da-11dc-b0aa-0019b96596e7}\Shell\AutoRun\command - "" = H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{774f485d-1ef3-11de-bd00-0019b96596e7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\AutoRun\command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{a174a8e7-10de-11dc-9ef3-0019b96596e7}\Shell\Open\Command - "" = .\Recycled\Driveinfo.exe
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f5ca22-bfb1-11e0-966f-0019b96596e7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.22 19:41:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.16 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Malwarebytes
[2012.10.16 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 21:42:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.16 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\CrashDumps
[2012.10.16 20:10:50 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Rouvez
[2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Gybaz
[2012.10.16 20:10:49 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Eguc
[2012.10.15 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Ubma
[2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qiyq
[2012.10.15 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Qalium
[2012.10.15 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Arian\Local Settings
[2012.10.12 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Arian\Desktop\Medizinbücher
[2012.09.27 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Avira
[2012.09.27 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.27 17:51:38 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.27 17:51:38 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.27 17:51:38 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.25 22:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
[2012.09.25 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink DE
[2012.09.25 22:20:45 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Alcohol 120%
[2012.09.25 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012.09.25 22:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2012.09.25 22:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2012.09.24 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\TechSmith
[2012.09.24 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\TechSmith
[2012.09.24 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Arian\Documents\Camtasia Studio
[2012.09.24 17:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2008.01.26 22:17:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Arian\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 21:11:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 21:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 20:51:16 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 20:42:32 | 000,302,592 | ---- | M] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.23 19:58:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 18:53:15 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2012.10.23 18:51:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 18:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.22 19:13:01 | 000,000,020 | ---- | M] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:57 | 000,050,477 | ---- | M] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.17 19:27:35 | 000,213,504 | ---- | M] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.16 20:15:19 | 000,000,047 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini
[2012.10.09 22:34:56 | 000,304,389 | ---- | M] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.10.08 18:36:33 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.25 22:07:35 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012.09.24 21:18:15 | 000,843,844 | ---- | M] () -- C:\Users\Arian\Desktop\bend_u.pdf
[2012.09.24 16:45:30 | 000,060,864 | ---- | M] () -- C:\Users\Arian\g2mdlhlpx.exe
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 20:42:06 | 000,302,592 | ---- | C] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.22 19:12:02 | 000,000,020 | ---- | C] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:56 | 000,050,477 | ---- | C] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.16 21:42:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 20:40:44 | 000,000,047 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.ini
[2012.10.09 22:34:51 | 000,304,389 | ---- | C] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.09.25 22:07:35 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012.09.24 21:18:12 | 000,843,844 | ---- | C] () -- C:\Users\Arian\Desktop\bend_u.pdf
[2012.09.23 10:14:33 | 000,060,864 | ---- | C] () -- C:\Users\Arian\g2mdlhlpx.exe
[2012.02.05 11:32:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.02.05 11:32:06 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.05 11:29:49 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.02.05 11:29:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.05 11:29:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.05 11:29:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.01.11 09:54:41 | 000,097,792 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\msconfig.dat
[2011.09.10 14:14:48 | 000,000,261 | ---- | C] () -- C:\ProgramData\lxdi
[2011.06.17 18:09:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.05.17 21:45:15 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011.04.12 20:21:56 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.04 16:45:55 | 000,019,456 | ---- | C] () -- C:\Users\Arian\AppData\Local\WebpageIcons.db
[2009.12.22 18:11:09 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\init.dll
[2009.12.22 18:11:09 | 000,000,006 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\SYSTEM32.dll
[2009.12.22 18:11:06 | 000,000,701 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\sound.dll
[2008.05.14 17:59:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.26 22:17:42 | 000,087,608 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\inst.exe
[2008.01.26 22:17:42 | 000,007,887 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.cat
[2008.01.26 22:17:42 | 000,001,144 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.inf
[2008.01.23 19:26:12 | 000,000,093 | ---- | C] () -- C:\Users\Arian\AppData\Local\fusioncache.dat
[2007.11.23 19:17:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.08.19 18:57:10 | 000,007,268 | ---- | C] () -- C:\Users\Arian\AppData\Local\d3d9caps.dat
[2007.05.04 20:25:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.29 13:34:35 | 000,000,040 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\.zreglib
[2007.04.29 11:27:33 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.04.27 21:41:09 | 000,022,869 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\UserTile.png
[2007.04.24 21:43:52 | 000,000,020 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\anzds
[2007.04.12 22:41:43 | 000,000,114 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\wklnhst.dat
[2007.04.12 22:29:26 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2007.04.12 20:10:43 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2007.04.12 18:01:59 | 000,213,504 | ---- | C] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.04 20:45:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\.pknowledge
[2011.12.20 11:25:57 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Agnitum
[2012.03.28 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Amazon
[2010.12.28 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Armagetron
[2011.12.09 10:36:04 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ASCOMP Software
[2011.12.22 11:43:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ashampoo
[2010.12.25 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Azureus
[2010.12.25 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BitTorrent
[2012.09.18 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\BOM
[2010.08.09 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Canneverbe Limited
[2009.05.20 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ciclo
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2007.05.12 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\concept design
[2008.06.18 10:37:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Crossword Compiler Deutsch 8
[2011.12.25 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DAEMON Tools Lite
[2010.12.09 10:00:07 | 000,000,000 | RHSD | M] -- C:\Users\Arian\AppData\Roaming\dll
[2008.08.30 11:01:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DNA
[2011.05.04 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Downloaded Installations
[2008.05.01 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\drms
[2012.10.17 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dropbox
[2010.04.28 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.02 17:57:31 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Dyyzy
[2009.04.11 08:28:17 | 000,000,000 | -HSD | M] -- C:\Users\Arian\AppData\Roaming\E80161
[2012.10.22 18:54:27 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Eguc
[2012.10.09 19:51:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\EndNote
[2011.08.06 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GHISLER
[2010.06.28 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\GlarySoft
[2008.01.26 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\gtk-2.0
[2012.10.22 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Gybaz
[2010.02.08 10:20:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQ
[2007.04.12 20:06:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ICQLite
[2009.11.20 16:22:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\ImgBurn
[2011.12.25 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Leadertech
[2011.10.01 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Lexmark Productivity Studio
[2007.08.10 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LimeWire
[2011.12.14 19:04:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\LowRateVoip
[2011.08.28 19:26:03 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\mkvtoolnix
[2011.05.04 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Nitro PDF
[2007.09.20 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\PeerNetworking
[2012.10.15 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qalium
[2012.10.15 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Qiyq
[2012.10.16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rouvez
[2011.03.19 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Rovio
[2011.09.05 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SanDisk
[2011.05.15 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Simfy
[2011.03.19 11:50:46 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Similarity
[2007.04.29 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\SlySoft
[2010.08.12 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Sports Interactive
[2012.10.23 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Spotify
[2010.03.11 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Tacx
[2012.09.24 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TechSmith
[2012.07.17 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Teleca
[2007.04.26 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Template
[2012.07.17 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TerraTec
[2010.03.25 10:29:40 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TheFixerUpper
[2010.06.30 10:35:02 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Thunderbird
[2007.09.14 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TomTom
[2010.08.11 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TS3Client
[2007.04.22 10:57:53 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\TuneUp Software
[2012.10.15 20:40:33 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Ubma
[2011.11.18 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Unity
[2008.01.26 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Vso
[2011.02.14 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Windows Live Writer
[2011.08.28 19:55:25 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XMedia Recode
[2010.03.25 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\XWindows Dock
[2010.01.23 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\YCanPDF
[2011.12.29 12:00:17 | 000,000,000 | ---D | M] -- C:\Users\Arian\AppData\Roaming\Zavy
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Meine Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Hercules webcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C39E55C5

< End of report >

Last edited by Horstmann (25.10.2012 at 15:17)

25.10.2012, 15:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e\n.
You have ZeroAccess on board. Please produce a log with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your reply ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have trouble starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
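The indicator cosinus quotes (a per-user CLSID under HKCU\Software\Classes whose InProcServer32 default value loads its DLL from a $-prefixed folder inside the user's $Recycle.Bin) is what OTL's "ZeroAccess Check" section exists to surface, and the OTL log above also carries the classic per-user autostart pattern: HKCU Run values and a WinNT Load= value pointing at executables in AppData\Roaming or Temp with no company name, or already deleted. The script below is an added example, not part of OTL, ComboFix or either post: it triages an OTL.txt mechanically for those two pattern families. The severity labels and the "Run value name does not appear in its target path" test are assumptions made for this example, and SAMPLE_OTL is a copy of lines from the log above, embedded so the script runs offline.

```python
"""Triage an OTL log for user-mode autostart and COM-hijack indicators.

Added example (not OTL/ComboFix code). Heuristics and severity labels are
this example's own assumptions, not an OTL feature.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed input: lines copied from the OTL log posted in this thread
# (O4/F3 autostart entries and the "ZeroAccess Check" block).
SAMPLE_OTL = r"""O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TomTom] C:\Users\Arian\AppData\Roaming\E80161\E80161.exe ()
O4 - HKCU..\Run: [Xileobmyw] C:\Users\Arian\AppData\Roaming\Gybaz\dulik.exe File not found
F3 - HKCU WinNT: Load - (C:\Users\Arian\LOCALS~1\Temp\mswgqqq.com) -  File not found
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
========== LOP Check ==========
"""

# Locations a limited user can write to; an autostart there deserves a look.
USER_WRITABLE = re.compile(r"\\AppData\\Roaming\\|\\Temp\\", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
F3_RE = re.compile(r"^F3 - (?P<hive>HK\w+) WinNT: (?P<key>\w+) - \((?P<path>.*)\) - +(?P<rest>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^"" = (?P<value>.*?)(?: -- \[.*)?$')   # "" = <path> [-- [file info]]
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")                 # ========== Name ==========


@dataclass
class Finding:
    severity: str   # assumed scale: medium < high < critical
    reason: str
    line: str


def split_target(rest: str) -> Tuple[str, str, bool]:
    """Split OTL's 'path (Company)' / 'path File not found' tail into
    (path, company, missing). OTL prints '()' when the file has no company
    name in its version info."""
    rest = rest.strip()
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip().strip('"'), "", True
    m = re.match(r"^(?P<path>.*) \((?P<vendor>[^()]*)\)$", rest)
    if m:
        return m.group("path").strip().strip('"'), m.group("vendor"), False
    return rest.strip('"'), "", False


def name_matches_path(name: str, path: str) -> bool:
    """Does any word of the Run value name occur in the target path?
    'Spotify Web Helper' -> ...\\Spotify\\... yes; 'TomTom' -> ...\\E80161\\... no."""
    tokens = re.findall(r"[a-z0-9]+", name.lower())
    return any(t in path.lower() for t in tokens)


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    current_key = None
    hkcu_clsid: Dict[str, str] = {}     # HKCU CLSID key -> InProcServer32 default value
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section, current_key = sec.group("name"), None
            continue
        m = O4_RE.match(line)
        if m:
            path, vendor, missing = split_target(m.group("rest"))
            if USER_WRITABLE.search(path):
                if missing:
                    findings.append(Finding("high", "autostart points to a deleted file in a user-writable folder", line))
                elif not vendor and not name_matches_path(m.group("name"), path):
                    findings.append(Finding("high", "autostart name unrelated to its no-company-name target in AppData", line))
                elif not vendor:
                    findings.append(Finding("medium", "no-company-name autostart in AppData; verify the product is installed", line))
            continue
        m = F3_RE.match(line)
        if m:
            if USER_WRITABLE.search(m.group("path")):
                findings.append(Finding("high", "WinNT Load= value pointing into Temp/AppData", line))
            continue
        if section == "ZeroAccess Check":
            k = KEY_RE.match(line)
            if k:
                current_key = k.group("key")
                if current_key.upper().startswith("HKEY_CURRENT_USER") and "\\clsid\\" in current_key.lower():
                    hkcu_clsid[current_key] = ""      # key exists even if no value printed
                continue
            d = DEFAULT_RE.match(line)
            if d and current_key in hkcu_clsid:
                hkcu_clsid[current_key] = d.group("value").strip()
    for key, value in hkcu_clsid.items():
        if "$recycle.bin" in value.lower():
            findings.append(Finding("critical", "ZeroAccess-style COM hijack: per-user CLSID loads a DLL from $Recycle.Bin", f"{key} -> {value}"))
        else:
            findings.append(Finding("medium", "per-user override of a system CLSID (HKCU shadows HKLM)", key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:8}] {f.reason}\n           {f.line}")
```

Running it on the sample yields six findings. The medium hit on SpotifyWebHelper.exe is deliberate: per-user installers legitimately live in AppData\Roaming, so "no company name in AppData" is a prompt to check that the product is actually installed (the LOP Check above lists a Spotify folder), not a verdict. The high hits are the Run values whose names (TomTom, Xileobmyw) have nothing to do with the folders they launch from, plus the Load= value in Temp; the critical one is the Recycle Bin COM hijack. To triage a real case, call triage() on the full OTL.txt contents instead of SAMPLE_OTL.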

25.10.2012, 16:07   #3
Horstmann

Hello Cosinus,
first of all many thanks for the quick reply and the help. Here is the logfile:

ComboFix logfile:
Code:
ATTFilter
ComboFix 12-10-25.01 - Arian 25.10.2012  16:32:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1071 [GMT 2:00]
Running from: c:\users\Arian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\users\Arian\AppData\Roaming\dll
c:\users\Arian\AppData\Roaming\init.dll
c:\users\Arian\AppData\Roaming\inst.exe
c:\users\Arian\AppData\Roaming\msconfig.dat
c:\users\Arian\AppData\Roaming\msconfig.ini
c:\users\Arian\AppData\Roaming\Qiyq
c:\users\Arian\AppData\Roaming\Qiyq\beci.exe
c:\users\Arian\AppData\Roaming\sound.dll
c:\users\Arian\AppData\Roaming\SYSTEM32.dll
c:\users\Arian\g2mdlhlpx.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
G:\Setup.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-09-25 to 2012-10-25  ))))))))))))))))))))))))))))))
.
.
2012-10-25 14:54 . 2012-10-25 14:56	--------	d-----w-	c:\users\Arian\AppData\Local\temp
2012-10-25 14:54 . 2012-10-25 14:54	--------	d-----w-	c:\users\SVEN~2.FIE\AppData\Local\temp
2012-10-25 14:54 . 2012-10-25 14:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-16 19:44 . 2012-10-16 19:44	--------	d-----w-	c:\users\Arian\AppData\Roaming\Malwarebytes
2012-10-16 19:42 . 2012-10-16 19:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-16 19:42 . 2012-09-29 17:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-16 19:42 . 2012-10-23 17:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-16 19:01 . 2012-10-16 19:01	--------	d-----w-	c:\users\Arian\AppData\Local\CrashDumps
2012-10-16 18:10 . 2012-10-16 18:10	--------	d-----w-	c:\users\Arian\AppData\Roaming\Rouvez
2012-10-16 18:10 . 2012-10-22 17:02	--------	d-----w-	c:\users\Arian\AppData\Roaming\Gybaz
2012-10-16 18:10 . 2012-10-22 16:54	--------	d-----w-	c:\users\Arian\AppData\Roaming\Eguc
2012-10-15 18:40 . 2012-10-15 18:40	--------	d-----w-	c:\users\Arian\AppData\Roaming\Ubma
2012-10-15 18:40 . 2012-10-15 18:40	--------	d-----w-	c:\users\Arian\AppData\Roaming\Qalium
2012-10-11 13:14 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 13:14 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 13:14 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 13:14 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 13:14 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 13:13 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-11 13:13 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-09-27 16:06 . 2012-09-27 16:06	--------	d-----w-	c:\users\Arian\AppData\Roaming\Avira
2012-09-27 15:51 . 2012-09-24 07:58	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-27 15:51 . 2012-09-13 08:58	134184	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-27 15:51 . 2012-09-13 08:58	83792	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-27 15:51 . 2012-09-27 15:51	--------	d-----w-	c:\programdata\Avira
2012-09-27 15:51 . 2012-09-27 15:51	--------	d-----w-	c:\program files\Avira
2012-09-25 20:30 . 2012-09-25 20:30	--------	d-----w-	c:\programdata\DVD Shrink
2012-09-25 20:30 . 2012-09-25 20:30	--------	d-----w-	c:\program files\DVD Shrink DE
2012-09-25 20:06 . 2012-09-25 20:06	--------	d-----w-	c:\program files\Common Files\TechSmith Shared
2012-09-25 20:06 . 2012-09-25 20:06	--------	d-----w-	c:\program files\TechSmith
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 10:27 . 2012-04-09 09:00	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-12 10:27 . 2011-05-16 10:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2012-09-25 11:05	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDBDF63C-A98C-4B67-9864-A66B56BBCCCD}\mpengine.dll
2012-08-24 06:59 . 2012-09-22 10:11	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:11	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:10	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:11	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-21 11:01 . 2012-09-18 18:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2009-09-10 21:14	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-07 07:40 . 2012-08-07 07:40	231424	----a-w-	c:\windows\system32\tsc2_codec32.dll
2009-05-01 21:02 . 2012-10-12 14:07	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-10-12 14:07	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-12 14:07 . 2012-10-12 14:07	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-07-13 20:22	287872	----a-w-	c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Spotify Web Helper"="c:\users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 68856]
"TomTom"="c:\users\Arian\AppData\Roaming\E80161\E80161.exe" [2009-04-11 92160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-08-10 3138632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SsiEfr.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk]
backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_Erinnerung.lnk]
backup=c:\windows\pss\phase6_Erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-15 09:55	136472	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-15 11:29	906968	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:13	17920	----a-w-	c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect]
2012-08-08 19:04	70656	----a-w-	c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-09-05 09:58	79872	----a-w-	c:\users\Arian\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-14 14:15	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-15 11:27	1352584	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [x]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [x]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [x]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - fxldypow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:27]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
uInternet Settings,ProxyOverride = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2012-09-02 20:03; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: !HIDDEN! 2007-04-22 14:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-07-05 00:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
HKCU-Run-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
HKCU-Run-Xileobmyw - c:\users\Arian\AppData\Roaming\Gybaz\dulik.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-mRouterConfig - c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
MSConfigStartUp-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-25 16:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,48,ff,e8,bf,ef,28,69,cb,5d,1e,92,11,d8,4f,a3,4f,fe,7e,8c,3c,
   df,b9,13,69,53,0d,ff,f2,46,fc,cc,1e,35,f5,06,66,61,b1,b0,22,18,39,57,2d,47,\
"rkeysecu"=hex:5a,bd,20,c1,2b,f7,a8,c6,88,df,33,9c,e7,64,07,3f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{294b689e-f136-4107-a481-4d9131633067}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2c4c750b-fd49-42d1-9920-6ecc3333069c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3532d115-b517-4df5-9124-b48af07f3135}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a05ba2b6-9130-44de-977b-09ae3ee87fcf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a33c83ec-42c0-475c-b5f5-a3ee94a74569}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{baf018cd-c243-4e7b-b0dc-380877bb67ca}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0019b9
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c16056d0-d12e-4856-8b23-01b144b2e453}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001372
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ddc2bfa1-eccc-4499-9ce7-237580558d16}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f00ed8b3-c96d-49b1-8e48-cca13ba1d7ae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a0019d2
"Dhcpv6State"=dword:00000000
"Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00,
   ff,ff,ff,7f,00,01,00,01,0d,d5,73,bd,00,16,e3,cf,3b,42,00,00,17,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\progra~1\agnitum\outpos~1\wl_hook.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\progra~1\agnitum\outpos~1\wl_hook.dll
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2012-10-25  17:03:41
ComboFix-quarantined-files.txt  2012-10-25 15:03
.
Vor Suchlauf: 7.275.020.288 Bytes frei
Nach Suchlauf: 7.261.376.512 Bytes frei
.
- - End Of File - - C6ACADFED567141162E7A0EF650DBCAD
         
--- --- ---
__________________

Old 25.10.2012, 19:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU Trojan 2.07 on Windows Vista

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\users\Arian\AppData\Roaming\Rouvez
c:\users\Arian\AppData\Roaming\Gybaz
c:\users\Arian\AppData\Roaming\Eguc
c:\users\Arian\AppData\Roaming\Ubma
c:\users\Arian\AppData\Roaming\Qalium
C:\Users\Arian\AppData\Roaming\E80161
C:\$Recycle.Bin\S-1-5-21-2617123096-2108651821-2447131207-1000\$a0b26d9b9a24ea4ea452b72e1356577e

Registry::
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTom"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
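As an added example (not from the thread, and not code from ComboFix or its authors), here is a small Python check for the Registry:: part of the script above: it decodes the hex(7) BootExecute value the CFScript writes and compares it with the BootExecute lines ComboFix printed in the two logs, so a helper can confirm that the script restores the stock value and see which entry was dropped. The CFScript fragment and the two log lines are copied from this thread; the one assumption is that the Windows default for BootExecute is the single string `autocheck autochk *`.

```python
import re

# Copied in the shape of the Registry:: section of the CFScript above: a
# regedit-style REG_MULTI_SZ (hex(7)) value with a backslash continuation line.
CFSCRIPT_FRAGMENT = r'''[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# BootExecute as ComboFix printed it in the first and in the second log of this thread.
BOOTEXECUTE_BEFORE = r'autocheck autochk *\0SsiEfr.exe'
BOOTEXECUTE_AFTER = r'a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0'

# Stock Windows value of BootExecute (assumption, see lead-in).
WINDOWS_DEFAULT_BOOTEXECUTE = ['autocheck autochk *']

REG_HEX_VALUE = re.compile(r'^"([^"]+)"=hex(?:\((\d+)\))?:([0-9a-fA-F,]*)$', re.M)


def parse_reg_hex_values(text):
    """Return {name: (type_number, raw_bytes)} for every hex(...) value in a
    .reg-style fragment. A line ending in ',\\' is continued on the next line."""
    joined = re.sub(r',\\\r?\n\s*', ',', text)
    values = {}
    for name, kind, body in REG_HEX_VALUE.findall(joined):
        raw = bytes(int(b, 16) for b in body.split(',') if b)
        values[name] = (int(kind) if kind else 3, raw)  # bare 'hex:' is REG_BINARY (3)
    return values


def multi_sz_to_list(raw):
    """Decode REG_MULTI_SZ bytes: UTF-16LE strings separated by NUL, ending in two NULs."""
    return [s for s in raw.decode('utf-16-le').split('\0') if s]


def combofix_multi_sz_to_list(field):
    """Split a REG_MULTI_SZ the way ComboFix prints it (a literal '\\0' between
    strings). The second log shows every character as its own one-letter string,
    which is how the UTF-16LE bytes read if each byte is taken as a narrow string;
    fold that form back into one string so both logs compare the same way."""
    items = [s for s in field.split('\\0') if s]
    if len(items) > 1 and all(len(s) == 1 for s in items):
        return [''.join(items)]
    return items


def extra_bootexecute_entries(entries):
    """Entries beyond the stock 'autocheck autochk *' that a helper should look at."""
    return [e for e in entries if e not in WINDOWS_DEFAULT_BOOTEXECUTE]


def check_cfscript(fragment=CFSCRIPT_FRAGMENT):
    """(registry type, strings written, True if that equals the Windows default)."""
    kind, raw = parse_reg_hex_values(fragment)['BootExecute']
    written = multi_sz_to_list(raw)
    return kind, written, written == WINDOWS_DEFAULT_BOOTEXECUTE


if __name__ == '__main__':
    kind, written, is_default = check_cfscript()
    print('CFScript writes REG type %d: %r (stock value: %s)' % (kind, written, is_default))
    print('extra entries before:', extra_bootexecute_entries(combofix_multi_sz_to_list(BOOTEXECUTE_BEFORE)))
    print('extra entries after: ', extra_bootexecute_entries(combofix_multi_sz_to_list(BOOTEXECUTE_AFTER)))
```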

Old 26.10.2012, 08:35   #5
Horstmann

GVU Trojan 2.07 on Windows Vista

Hello Cosinus,
many thanks for your time and effort. Below is the log file I created following your instructions:
Combofix Logfile:
Code:
ComboFix 12-10-25.02 - Arian 26.10.2012   9:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1078 [GMT 2:00]
ausgeführt von:: c:\users\Arian\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Arian\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Arian\AppData\Roaming\E80161
c:\users\Arian\AppData\Roaming\E80161\E80161.exe
c:\users\Arian\AppData\Roaming\Eguc
c:\users\Arian\AppData\Roaming\Eguc\uteb.tmp
c:\users\Arian\AppData\Roaming\Eguc\uteb.zyu
c:\users\Arian\AppData\Roaming\Gybaz
c:\users\Arian\AppData\Roaming\Qalium
c:\users\Arian\AppData\Roaming\Qalium\fezu.oho
c:\users\Arian\AppData\Roaming\Qalium\fezu.tmp
c:\users\Arian\AppData\Roaming\Rouvez
c:\users\Arian\AppData\Roaming\Rouvez\ofder.zue
c:\users\Arian\AppData\Roaming\Ubma
c:\users\Arian\AppData\Roaming\Ubma\yzgy.exd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-26 bis 2012-10-26  ))))))))))))))))))))))))))))))
.
.
2012-10-26 07:25 . 2012-10-26 07:26	--------	d-----w-	c:\users\Arian\AppData\Local\temp
2012-10-26 07:25 . 2012-10-26 07:25	--------	d-----w-	c:\users\SVEN~2.FIE\AppData\Local\temp
2012-10-26 07:25 . 2012-10-26 07:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-16 19:44 . 2012-10-16 19:44	--------	d-----w-	c:\users\Arian\AppData\Roaming\Malwarebytes
2012-10-16 19:42 . 2012-10-16 19:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-16 19:42 . 2012-09-29 17:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-16 19:42 . 2012-10-23 17:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-16 19:01 . 2012-10-16 19:01	--------	d-----w-	c:\users\Arian\AppData\Local\CrashDumps
2012-10-11 13:14 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 13:14 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 13:14 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 13:14 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 13:14 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 13:13 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-11 13:13 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-09-27 16:06 . 2012-09-27 16:06	--------	d-----w-	c:\users\Arian\AppData\Roaming\Avira
2012-09-27 15:51 . 2012-09-24 07:58	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-27 15:51 . 2012-09-13 08:58	134184	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-27 15:51 . 2012-09-13 08:58	83792	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-27 15:51 . 2012-09-27 15:51	--------	d-----w-	c:\programdata\Avira
2012-09-27 15:51 . 2012-09-27 15:51	--------	d-----w-	c:\program files\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 10:27 . 2012-04-09 09:00	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-12 10:27 . 2011-05-16 10:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2012-09-25 11:05	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDBDF63C-A98C-4B67-9864-A66B56BBCCCD}\mpengine.dll
2012-08-24 06:59 . 2012-09-22 10:11	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:11	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:10	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:11	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-21 11:01 . 2012-09-18 18:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2009-09-10 21:14	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-07 07:40 . 2012-08-07 07:40	231424	----a-w-	c:\windows\system32\tsc2_codec32.dll
2009-05-01 21:02 . 2012-10-12 14:07	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-10-12 14:07	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-12 14:07 . 2012-10-12 14:07	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Arian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-07-13 20:22	287872	----a-w-	c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Spotify Web Helper"="c:\users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-08-10 3138632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2012-08-08 70656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk]
backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_Erinnerung.lnk]
backup=c:\windows\pss\phase6_Erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-15 09:55	136472	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-15 11:29	906968	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:13	17920	----a-w-	c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect]
2012-08-08 19:04	70656	----a-w-	c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-09-05 09:58	79872	----a-w-	c:\users\Arian\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-14 14:15	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-15 11:27	1352584	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [x]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [x]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [x]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [x]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:27]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 20:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
uInternet Settings,ProxyOverride = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2012-09-02 20:03; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Arian\AppData\Roaming\Mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: !HIDDEN! 2007-04-22 14:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-07-05 00:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-26 09:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,48,ff,e8,bf,ef,28,69,cb,5d,1e,92,11,d8,4f,a3,4f,fe,7e,8c,3c,
   df,b9,13,69,53,0d,ff,f2,46,fc,cc,1e,35,f5,06,66,61,b1,b0,22,18,39,57,2d,47,\
"rkeysecu"=hex:5a,bd,20,c1,2b,f7,a8,c6,88,df,33,9c,e7,64,07,3f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2012-10-26  09:31:39
ComboFix-quarantined-files.txt  2012-10-26 07:31
ComboFix2.txt  2012-10-25 15:03
.
Vor Suchlauf: 6.841.143.296 Bytes frei
Nach Suchlauf: 7.778.701.312 Bytes frei
.
- - End Of File - - D2EF88AC487D9770281053C1A476C480
         
--- --- ---


Alt 26.10.2012, 13:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
ATTFilter
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
         
Both at the same time won't work. Uninstall one of the two. I would kick Outpost.

Alt 26.10.2012, 13:33   #7
Horstmann
 
Hello,
I've kicked Outpost. Should I now create the log file again?
Thanks a lot!!!

Alt 26.10.2012, 13:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where the TDSS-Killer stores its logs.

Note: Please don't delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

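As an added triage helper (not part of this thread and not Kaspersky's code), the following Python script parses the "Scan services" section of a TDSSKiller report in the layout the tool writes (timestamp, PID, then either a `[ MD5 ] name path` line or a verdict line) and separates the entries the tool marked "warning" from those marked "ok", which is what the helper reading the posted log looks for first. The function names (`parse_services`, `flagged`, `summarize`) are this example's own, and the sample lines are excerpted from the report posted in this thread.

```python
"""Triage helper for the "Scan services" section of a Kaspersky TDSSKiller
report.  Added example for this thread; it is not part of TDSSKiller, and the
function names (parse_services, flagged, summarize) are this example's own."""
import re
from collections import OrderedDict

# Every TDSSKiller line is "HH:MM:SS.ffff PID message".  For a service the
# message is a file line "[ MD5 ] name path", a verdict line
# "name ( Verdict ) - status", a "name - detected Verdict (n)" line, or a
# plain "name - ok" line (some services get no file line at all).
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<msg>.*)$")
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>\w+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Constructed sample: a few lines excerpted from the report posted in this thread.
SAMPLE_LOG = r"""
14:58:22.0792 2560 Scan started
14:58:27.0786 2560 ================ Scan system memory ========================
14:58:27.0786 2560 System memory - ok
14:58:27.0788 2560 ================ Scan services =============================
14:58:30.0283 2560 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys
14:58:30.0478 2560 acedrv01 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0478 2560 acedrv01 - detected UnsignedFile.Multi.Generic (1)
14:58:31.0496 2560 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:58:31.0564 2560 ACPI - ok
14:58:38.0196 2560 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:58:38.0252 2560 Apple Mobile Device - ok
14:58:41.0173 2560 blbdrive - ok
14:59:00.0494 2560 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:59:00.0614 2560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:59:00.0614 2560 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:59:10.0000 2560 ============================================================
"""


def _new_entry():
    return {"md5": None, "path": None, "status": None, "verdict": None, "count": 0}


def parse_services(log_text):
    """Return an ordered mapping service name -> entry for the services section only."""
    entries = OrderedDict()
    in_services = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner or blank line without the time/PID prefix
        msg = m.group("msg")
        if msg.startswith("===="):
            # The services header opens the section; any later header closes it.
            in_services = "Scan services" in msg
            continue
        if not in_services:
            continue
        fm = FILE_RE.match(msg)
        if fm:
            entry = entries.setdefault(fm.group("name"), _new_entry())
            entry["md5"] = fm.group("md5").upper()
            entry["path"] = fm.group("path")
            continue
        vm = VERDICT_RE.match(msg)
        if vm:
            entry = entries.setdefault(vm.group("name"), _new_entry())
            entry["verdict"] = vm.group("verdict")
            entry["status"] = vm.group("status")
            continue
        dm = DETECTED_RE.match(msg)
        if dm:
            entry = entries.setdefault(dm.group("name"), _new_entry())
            entry["verdict"] = dm.group("verdict")
            entry["count"] = int(dm.group("count"))
            continue
        om = OK_RE.match(msg)
        if om:
            entries.setdefault(om.group("name"), _new_entry())["status"] = "ok"
    return entries


def flagged(entries):
    """(name, verdict, path) for every service whose status is not 'ok'."""
    return [(n, e["verdict"], e["path"]) for n, e in entries.items() if e["status"] != "ok"]


def summarize(entries):
    """Number of services per status, e.g. {'ok': 3, 'warning': 2}."""
    counts = {}
    for e in entries.values():
        counts[e["status"]] = counts.get(e["status"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print(summarize(parsed))
    for name, verdict, path in flagged(parsed):
        print(f"{name:24} {verdict:30} {path}")
```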

Alt 26.10.2012, 14:02   #9
Horstmann
 
Hello,
I did everything just as you said. Attached, I'm now posting the tool's report:
Thanks a lot!!!

14:56:48.0463 2276 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:56:48.0917 2276 ============================================================
14:56:48.0917 2276 Current date / time: 2012/10/26 14:56:48.0917
14:56:48.0917 2276 SystemInfo:
14:56:48.0917 2276
14:56:48.0918 2276 OS Version: 6.0.6002 ServicePack: 2.0
14:56:48.0918 2276 Product type: Workstation
14:56:48.0918 2276 ComputerName: VW
14:56:48.0918 2276 UserName: Arian
14:56:48.0918 2276 Windows directory: C:\Windows
14:56:48.0918 2276 System windows directory: C:\Windows
14:56:48.0918 2276 Processor architecture: Intel x86
14:56:48.0918 2276 Number of processors: 2
14:56:48.0918 2276 Page size: 0x1000
14:56:48.0918 2276 Boot type: Normal boot
14:56:48.0918 2276 ============================================================
14:56:53.0274 2276 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:56:53.0311 2276 ============================================================
14:56:53.0311 2276 \Device\Harddisk0\DR0:
14:56:53.0521 2276 MBR partitions:
14:56:53.0521 2276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
14:56:53.0521 2276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0xFE69800
14:56:53.0549 2276 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x112943C1, BlocksNum 0x178083F
14:56:53.0549 2276 ============================================================
14:56:53.0751 2276 C: <-> \Device\Harddisk0\DR0\Partition2
14:56:53.0886 2276 D: <-> \Device\Harddisk0\DR0\Partition1
14:56:54.0224 2276 G: <-> \Device\Harddisk0\DR0\Partition3
14:56:54.0225 2276 ============================================================
14:56:54.0225 2276 Initialize success
14:56:54.0225 2276 ============================================================
14:58:22.0792 2560 ============================================================
14:58:22.0792 2560 Scan started
14:58:22.0792 2560 Mode: Manual; SigCheck; TDLFS;
14:58:22.0792 2560 ============================================================
14:58:27.0786 2560 ================ Scan system memory ========================
14:58:27.0786 2560 System memory - ok
14:58:27.0788 2560 ================ Scan services =============================
14:58:30.0283 2560 [ 9AD3AC19F5A9968DB4297C4319D7CDDB ] acedrv01 C:\Windows\system32\drivers\acedrv01.sys
14:58:30.0478 2560 acedrv01 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0478 2560 acedrv01 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0568 2560 [ E00A398C09A6515769A4BC39E91064EB ] acedrv02 C:\Windows\system32\drivers\acedrv02.sys
14:58:30.0705 2560 acedrv02 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0705 2560 acedrv02 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0724 2560 [ 903DE75450A5CC4B26C3D33E3A64FC58 ] acedrv03 C:\Windows\system32\drivers\acedrv03.sys
14:58:30.0784 2560 acedrv03 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0784 2560 acedrv03 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0792 2560 [ 2D838D7CE9B7CDAFDEC7ED43CC99FA1E ] acedrv04 C:\Windows\system32\drivers\acedrv04.sys
14:58:30.0883 2560 acedrv04 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0884 2560 acedrv04 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0918 2560 [ 0A1E97197609F92D2425B67DA0BB0A7F ] acedrv05 C:\Windows\system32\drivers\acedrv05.sys
14:58:30.0951 2560 acedrv05 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0951 2560 acedrv05 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0981 2560 [ 44010948BDE6ADE50DD1386657C73E83 ] acedrv06 C:\Windows\system32\drivers\acedrv06.sys
14:58:31.0059 2560 acedrv06 ( UnsignedFile.Multi.Generic ) - warning
14:58:31.0059 2560 acedrv06 - detected UnsignedFile.Multi.Generic (1)
14:58:31.0136 2560 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] acedrv07 C:\Windows\system32\drivers\acedrv07.sys
14:58:31.0235 2560 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
14:58:31.0235 2560 acedrv07 - detected UnsignedFile.Multi.Generic (1)
14:58:31.0496 2560 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:58:31.0564 2560 ACPI - ok
14:58:33.0031 2560 [ 24A72A954F5686C522E18F7E70A59BCE ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
14:58:33.0249 2560 AcrSch2Svc - ok
14:58:33.0486 2560 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:58:33.0548 2560 AdobeARMservice - ok
14:58:33.0934 2560 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:58:34.0007 2560 AdobeFlashPlayerUpdateSvc - ok
14:58:34.0150 2560 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:58:34.0201 2560 adp94xx - ok
14:58:34.0262 2560 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:58:34.0330 2560 adpahci - ok
14:58:34.0392 2560 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:58:34.0408 2560 adpu160m - ok
14:58:34.0422 2560 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:58:34.0440 2560 adpu320 - ok
14:58:34.0638 2560 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:58:34.0813 2560 AeLookupSvc - ok
14:58:34.0962 2560 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:58:35.0093 2560 AFD - ok
14:58:35.0221 2560 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:58:35.0287 2560 agp440 - ok
14:58:35.0342 2560 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:58:35.0357 2560 aic78xx - ok
14:58:35.0465 2560 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:58:35.0670 2560 ALG - ok
14:58:35.0719 2560 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys
14:58:35.0780 2560 aliide - ok
14:58:35.0858 2560 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:58:35.0872 2560 amdagp - ok
14:58:35.0903 2560 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys
14:58:35.0917 2560 amdide - ok
14:58:36.0016 2560 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:58:36.0268 2560 AmdK7 - ok
14:58:36.0305 2560 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:58:36.0435 2560 AmdK8 - ok
14:58:36.0892 2560 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:58:36.0960 2560 AntiVirSchedulerService - ok
14:58:37.0045 2560 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:58:37.0104 2560 AntiVirService - ok
14:58:37.0194 2560 [ 64F24088DBB1D68EE9963F66F8EB68CF ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
14:58:37.0259 2560 AnyDVD - ok
14:58:37.0437 2560 [ 29C537D74694DE38B07B8D0C37BC25C5 ] APL531 C:\Windows\system32\Drivers\HDvid.sys
14:58:37.0579 2560 APL531 ( UnsignedFile.Multi.Generic ) - warning
14:58:37.0579 2560 APL531 - detected UnsignedFile.Multi.Generic (1)
14:58:37.0679 2560 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:58:37.0797 2560 Appinfo - ok
14:58:38.0196 2560 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:58:38.0252 2560 Apple Mobile Device - ok
14:58:38.0426 2560 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
14:58:38.0441 2560 arc - ok
14:58:38.0668 2560 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:58:38.0735 2560 arcsas - ok
14:58:38.0900 2560 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:58:38.0990 2560 AsyncMac - ok
14:58:39.0063 2560 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:58:39.0078 2560 atapi - ok
14:58:39.0193 2560 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:58:39.0289 2560 AudioEndpointBuilder - ok
14:58:39.0297 2560 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:58:39.0325 2560 Audiosrv - ok
14:58:39.0404 2560 [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:58:39.0467 2560 avgntflt - ok
14:58:39.0552 2560 [ C499333D8915597FE415F0058EFFD7D2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:58:39.0569 2560 avipbb - ok
14:58:39.0678 2560 [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:58:39.0743 2560 avkmgr - ok
14:58:39.0907 2560 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
14:58:40.0025 2560 bcm4sbxp - ok
14:58:40.0163 2560 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:58:40.0272 2560 Beep - ok
14:58:40.0387 2560 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:58:40.0524 2560 BFE - ok
14:58:40.0917 2560 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
14:58:41.0167 2560 BITS - ok
14:58:41.0173 2560 blbdrive - ok
14:58:41.0520 2560 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:58:41.0837 2560 Bonjour Service - ok
14:58:41.0963 2560 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:58:42.0035 2560 bowser - ok
14:58:42.0262 2560 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:58:42.0295 2560 BrFiltLo - ok
14:58:42.0318 2560 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:58:42.0364 2560 BrFiltUp - ok
14:58:42.0488 2560 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:58:42.0612 2560 Browser - ok
14:58:42.0725 2560 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:58:42.0873 2560 Brserid - ok
14:58:42.0964 2560 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:58:43.0060 2560 BrSerWdm - ok
14:58:43.0194 2560 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:58:43.0309 2560 BrUsbMdm - ok
14:58:43.0346 2560 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:58:43.0471 2560 BrUsbSer - ok
14:58:43.0551 2560 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:58:43.0641 2560 BTHMODEM - ok
14:58:43.0776 2560 [ E156C353FCBC05DB5DEE57BE0592F2D4 ] camfilt C:\Windows\system32\Drivers\camfilt.sys
14:58:43.0930 2560 camfilt ( UnsignedFile.Multi.Generic ) - warning
14:58:43.0930 2560 camfilt - detected UnsignedFile.Multi.Generic (1)
14:58:44.0574 2560 catchme - ok
14:58:44.0701 2560 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:58:44.0805 2560 cdfs - ok
14:58:44.0917 2560 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:58:45.0007 2560 cdrom - ok
14:58:45.0105 2560 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:58:45.0217 2560 CertPropSvc - ok
14:58:45.0333 2560 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
14:58:45.0425 2560 circlass - ok
14:58:45.0500 2560 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:58:45.0562 2560 CLFS - ok
14:58:46.0167 2560 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:46.0232 2560 clr_optimization_v2.0.50727_32 - ok
14:58:46.0937 2560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:58:47.0167 2560 clr_optimization_v4.0.30319_32 - ok
14:58:47.0246 2560 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:47.0332 2560 CmBatt - ok
14:58:47.0446 2560 [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:58:47.0501 2560 cmdide - ok
14:58:47.0562 2560 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:58:47.0624 2560 Compbatt - ok
14:58:47.0630 2560 COMSysApp - ok
14:58:47.0677 2560 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:58:47.0741 2560 crcdisk - ok
14:58:47.0797 2560 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:58:47.0909 2560 Crusoe - ok
14:58:47.0990 2560 Crypkey License - ok
14:58:48.0067 2560 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:58:48.0179 2560 CryptSvc - ok
14:58:48.0291 2560 [ 310C5EC0B4278211089F0A5E915D025F ] cvintdrv C:\Windows\system32\drivers\cvintdrv.sys
14:58:48.0373 2560 cvintdrv ( UnsignedFile.Multi.Generic ) - warning
14:58:48.0373 2560 cvintdrv - detected UnsignedFile.Multi.Generic (1)
14:58:48.0801 2560 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:58:48.0989 2560 DcomLaunch - ok
14:58:49.0082 2560 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:58:49.0161 2560 DfsC - ok
14:58:50.0078 2560 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:58:50.0347 2560 DFSR - ok
14:58:50.0488 2560 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:58:50.0544 2560 Dhcp - ok
14:58:50.0652 2560 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:58:50.0675 2560 disk - ok
14:58:50.0783 2560 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:58:50.0859 2560 Dnscache - ok
14:58:50.0982 2560 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:58:51.0047 2560 dot3svc - ok
14:58:51.0159 2560 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:58:51.0191 2560 DPS - ok
14:58:51.0304 2560 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:58:51.0360 2560 drmkaud - ok
14:58:51.0526 2560 [ 01D5B95D0A12A916BBDC258629113258 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
14:58:51.0570 2560 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning
14:58:51.0570 2560 DSBrokerService - detected UnsignedFile.Multi.Generic (1)
14:58:51.0679 2560 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:58:51.0790 2560 DSproct ( UnsignedFile.Multi.Generic ) - warning
14:58:51.0790 2560 DSproct - detected UnsignedFile.Multi.Generic (1)
14:58:51.0868 2560 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] dsunidrv C:\Program Files\DellSupport\Drivers\dsunidrv.sys
14:58:51.0915 2560 dsunidrv ( UnsignedFile.Multi.Generic ) - warning
14:58:51.0915 2560 dsunidrv - detected UnsignedFile.Multi.Generic (1)
14:58:52.0115 2560 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:58:52.0161 2560 DXGKrnl - ok
14:58:52.0394 2560 [ 7505290504C8E2D172FA378CC0497BCC ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
14:58:52.0482 2560 e1express - ok
14:58:52.0602 2560 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:58:52.0658 2560 E1G60 - ok
14:58:52.0782 2560 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:58:52.0846 2560 EapHost - ok
14:58:53.0032 2560 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:58:53.0052 2560 Ecache - ok
14:58:53.0219 2560 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:58:53.0311 2560 ehRecvr - ok
14:58:53.0344 2560 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
14:58:53.0635 2560 ehSched - ok
14:58:53.0650 2560 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
14:58:53.0693 2560 ehstart - ok
14:58:53.0785 2560 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
14:58:53.0864 2560 ElbyCDIO - ok
14:58:54.0126 2560 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:58:54.0196 2560 elxstor - ok
14:58:54.0579 2560 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:58:54.0706 2560 EMDMgmt - ok
14:58:54.0862 2560 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:58:54.0918 2560 EventSystem - ok
14:58:55.0081 2560 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:58:55.0217 2560 exfat - ok
14:58:55.0377 2560 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:58:55.0491 2560 fastfat - ok
14:58:55.0602 2560 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:58:55.0678 2560 fdc - ok
14:58:55.0794 2560 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:58:55.0874 2560 fdPHost - ok
14:58:55.0925 2560 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:58:55.0994 2560 FDResPub - ok
14:58:56.0109 2560 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:58:56.0135 2560 FileInfo - ok
14:58:56.0166 2560 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:58:56.0223 2560 Filetrace - ok
14:58:56.0272 2560 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:56.0350 2560 flpydisk - ok
14:58:56.0469 2560 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:58:56.0489 2560 FltMgr - ok
14:58:56.0662 2560 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:58:56.0792 2560 FontCache - ok
14:58:56.0905 2560 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:56.0919 2560 FontCache3.0.0.0 - ok
14:58:57.0023 2560 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:58:57.0125 2560 Fs_Rec - ok
14:58:57.0261 2560 [ 7C17235845D5AE3FB33EAD47B5881521 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
14:58:57.0274 2560 FTDIBUS - ok
14:58:57.0302 2560 [ 23220A4709CC5785F9633BA71416145C ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
14:58:57.0314 2560 FTSER2K - ok
14:58:57.0345 2560 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:58:57.0360 2560 gagp30kx - ok
14:58:57.0467 2560 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:58:57.0493 2560 GEARAspiWDM - ok
14:58:57.0613 2560 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:58:57.0722 2560 gpsvc - ok
14:58:58.0042 2560 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b1767bde6700 C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:58.0055 2560 gupdate1c9b1767bde6700 - ok
14:58:58.0108 2560 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:58.0121 2560 gupdatem - ok
14:58:58.0268 2560 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:58.0281 2560 gusvc - ok
14:58:58.0407 2560 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
14:58:58.0439 2560 hamachi - ok
14:58:58.0514 2560 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:58:58.0626 2560 HdAudAddService - ok
14:58:58.0895 2560 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:59.0013 2560 HDAudBus - ok
14:58:59.0072 2560 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:58:59.0194 2560 HidBth - ok
14:58:59.0211 2560 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:58:59.0306 2560 HidIr - ok
14:58:59.0434 2560 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
14:58:59.0496 2560 hidserv - ok
14:58:59.0675 2560 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:58:59.0751 2560 HidUsb - ok
14:58:59.0828 2560 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:58:59.0896 2560 hkmsvc - ok
14:58:59.0951 2560 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:58:59.0971 2560 HpCISSs - ok
14:59:00.0494 2560 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:59:00.0614 2560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:59:00.0614 2560 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:59:00.0949 2560 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:59:01.0124 2560 HSF_DPV - ok
14:59:01.0189 2560 [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:59:01.0264 2560 HSXHWAZL - ok
14:59:01.0455 2560 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:59:01.0555 2560 HTTP - ok
14:59:01.0633 2560 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:59:01.0667 2560 i2omp - ok
14:59:01.0799 2560 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:59:02.0013 2560 i8042prt - ok
14:59:02.0073 2560 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:59:02.0109 2560 iaStorV - ok
14:59:02.0356 2560 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:59:02.0399 2560 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:59:02.0399 2560 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:59:02.0648 2560 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:59:02.0721 2560 idsvc - ok
14:59:02.0737 2560 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:59:02.0751 2560 iirsp - ok
14:59:02.0963 2560 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:59:03.0058 2560 IKEEXT - ok
14:59:03.0158 2560 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
14:59:03.0173 2560 intelide - ok
14:59:03.0271 2560 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:59:03.0299 2560 intelppm - ok
14:59:03.0399 2560 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:59:03.0454 2560 IPBusEnum - ok
14:59:03.0479 2560 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:03.0517 2560 IpFilterDriver - ok
14:59:03.0610 2560 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:59:03.0688 2560 iphlpsvc - ok
14:59:03.0694 2560 IpInIp - ok
14:59:03.0729 2560 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:59:03.0787 2560 IPMIDRV - ok
14:59:03.0887 2560 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:59:03.0956 2560 IPNAT - ok
14:59:04.0183 2560 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:59:04.0229 2560 iPod Service - ok
14:59:04.0331 2560 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:59:04.0414 2560 IRENUM - ok
14:59:04.0480 2560 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:59:04.0497 2560 isapnp - ok
14:59:04.0637 2560 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:59:04.0655 2560 iScsiPrt - ok
14:59:04.0675 2560 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:59:04.0698 2560 iteatapi - ok
14:59:04.0805 2560 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:59:04.0863 2560 iteraid - ok
14:59:04.0915 2560 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:04.0932 2560 kbdclass - ok
14:59:05.0026 2560 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:05.0081 2560 kbdhid - ok
14:59:05.0192 2560 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:59:05.0270 2560 KeyIso - ok
14:59:05.0500 2560 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:59:05.0556 2560 KSecDD - ok
14:59:05.0749 2560 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:59:05.0945 2560 KtmRm - ok
14:59:06.0025 2560 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
14:59:06.0121 2560 LanmanServer - ok
14:59:06.0229 2560 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:59:06.0336 2560 LanmanWorkstation - ok
14:59:06.0382 2560 Lbd - ok
14:59:06.0762 2560 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
14:59:06.0782 2560 LBTServ - ok
14:59:06.0914 2560 [ 70035567754BED4E6AD353CA3F175127 ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys
14:59:06.0963 2560 LEqdUsb - ok
14:59:07.0050 2560 [ 32491B6BAE0AFAD1D7A62C0EF0AF4321 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys
14:59:07.0073 2560 LHidEqd - ok
14:59:07.0165 2560 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:59:07.0188 2560 LHidFilt - ok
14:59:07.0273 2560 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:59:07.0352 2560 lltdio - ok
14:59:07.0403 2560 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:59:07.0461 2560 lltdsvc - ok
14:59:07.0528 2560 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:59:07.0580 2560 lmhosts - ok
14:59:07.0682 2560 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:59:07.0739 2560 LMouFilt - ok
14:59:07.0837 2560 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:59:07.0874 2560 LSI_FC - ok
14:59:07.0890 2560 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:59:07.0906 2560 LSI_SAS - ok
14:59:08.0011 2560 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:59:08.0033 2560 LSI_SCSI - ok
14:59:08.0153 2560 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:59:08.0225 2560 luafv - ok
14:59:08.0324 2560 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys
14:59:08.0446 2560 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
14:59:08.0446 2560 MarvinBus - detected UnsignedFile.Multi.Generic (1)
14:59:08.0473 2560 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:59:08.0488 2560 MBAMProtector - ok
14:59:08.0643 2560 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:59:08.0772 2560 MBAMScheduler - ok
14:59:08.0994 2560 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:59:09.0126 2560 MBAMService - ok
14:59:09.0213 2560 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:59:09.0279 2560 Mcx2Svc - ok
14:59:09.0357 2560 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:59:09.0394 2560 mdmxsdk - ok
14:59:09.0489 2560 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
14:59:09.0513 2560 megasas - ok
14:59:09.0902 2560 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:59:09.0923 2560 Microsoft Office Groove Audit Service - ok
14:59:10.0019 2560 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:59:10.0086 2560 MMCSS - ok
14:59:10.0257 2560 [ D7780974883D255548A5EBB07F2D0EEC ] mod7700 C:\Windows\system32\DRIVERS\dvb7700all.sys
14:59:10.0333 2560 mod7700 - ok
14:59:10.0356 2560 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:59:10.0385 2560 Modem - ok
14:59:10.0488 2560 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:59:10.0550 2560 monitor - ok
14:59:10.0568 2560 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:59:10.0584 2560 mouclass - ok
14:59:10.0630 2560 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:59:10.0681 2560 mouhid - ok
14:59:10.0824 2560 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:59:10.0849 2560 MountMgr - ok
14:59:11.0030 2560 [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:59:11.0100 2560 MozillaMaintenance - ok
14:59:11.0330 2560 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
14:59:11.0404 2560 mpio - ok
14:59:11.0474 2560 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:59:11.0671 2560 mpsdrv - ok
14:59:11.0827 2560 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:59:11.0899 2560 MpsSvc - ok
14:59:11.0954 2560 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:59:11.0979 2560 Mraid35x - ok
14:59:12.0073 2560 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:59:12.0105 2560 MRxDAV - ok
14:59:12.0196 2560 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:12.0271 2560 mrxsmb - ok
14:59:12.0395 2560 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:12.0447 2560 mrxsmb10 - ok
14:59:12.0479 2560 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:12.0512 2560 mrxsmb20 - ok
14:59:12.0545 2560 [ F0EC3A4E0693A34B148723B4DA31668C ] msahci C:\Windows\system32\drivers\msahci.sys
14:59:12.0558 2560 msahci - ok
14:59:12.0573 2560 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:59:12.0589 2560 msdsm - ok
14:59:12.0699 2560 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:59:12.0780 2560 MSDTC - ok
14:59:12.0873 2560 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:59:12.0944 2560 Msfs - ok
14:59:13.0042 2560 [ 956741C67ABAA78B19AADC5474936842 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
14:59:13.0165 2560 MSHUSBVideo - ok
14:59:13.0276 2560 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:59:13.0291 2560 msisadrv - ok
14:59:13.0396 2560 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:59:13.0460 2560 MSiSCSI - ok
14:59:13.0497 2560 msiserver - ok
14:59:13.0565 2560 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:59:13.0659 2560 MSKSSRV - ok
14:59:13.0754 2560 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:59:13.0845 2560 MSPCLOCK - ok
14:59:13.0900 2560 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:59:13.0943 2560 MSPQM - ok
14:59:14.0050 2560 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:59:14.0078 2560 MsRPC - ok
14:59:14.0169 2560 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:59:14.0184 2560 mssmbios - ok
14:59:14.0266 2560 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:59:14.0331 2560 MSTEE - ok
14:59:14.0414 2560 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:59:14.0435 2560 Mup - ok
14:59:14.0555 2560 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:59:14.0640 2560 napagent - ok
14:59:14.0728 2560 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:59:14.0748 2560 NativeWifiP - ok
14:59:14.0859 2560 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:59:14.0906 2560 NDIS - ok
14:59:15.0017 2560 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:59:15.0054 2560 NdisTapi - ok
14:59:15.0151 2560 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:15.0192 2560 Ndisuio - ok
14:59:15.0289 2560 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:59:15.0325 2560 NdisWan - ok
14:59:15.0419 2560 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:59:15.0529 2560 NDProxy - ok
14:59:15.0612 2560 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:59:15.0673 2560 NetBIOS - ok
14:59:15.0777 2560 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:59:15.0837 2560 netbt - ok
14:59:15.0893 2560 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:59:15.0909 2560 Netlogon - ok
14:59:16.0108 2560 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:59:16.0236 2560 Netman - ok
14:59:16.0395 2560 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:59:16.0428 2560 netprofm - ok
14:59:16.0536 2560 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:59:16.0590 2560 NetTcpPortSharing - ok
14:59:17.0507 2560 [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
14:59:17.0778 2560 NETw3v32 - ok
14:59:18.0629 2560 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
14:59:18.0950 2560 NETw4v32 - ok
14:59:19.0061 2560 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\Windows\system32\ckldrv.sys
14:59:19.0138 2560 NetworkX ( UnsignedFile.Multi.Generic ) - warning
14:59:19.0138 2560 NetworkX - detected UnsignedFile.Multi.Generic (1)
14:59:19.0167 2560 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:59:19.0181 2560 nfrd960 - ok
14:59:19.0293 2560 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:59:19.0367 2560 NlaSvc - ok
14:59:19.0517 2560 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:59:19.0543 2560 Npfs - ok
14:59:19.0646 2560 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:59:19.0716 2560 nsi - ok
14:59:19.0768 2560 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:59:19.0835 2560 nsiproxy - ok
14:59:19.0841 2560 ntcdrdrv - ok
14:59:20.0204 2560 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:59:20.0401 2560 Ntfs - ok
14:59:20.0462 2560 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:59:20.0554 2560 ntrigdigi - ok
14:59:20.0643 2560 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:59:20.0703 2560 Null - ok
14:59:21.0563 2560 [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:59:22.0887 2560 nvlddmkm - ok
14:59:23.0248 2560 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:59:23.0264 2560 nvraid - ok
14:59:23.0350 2560 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:59:23.0365 2560 nvstor - ok
14:59:23.0389 2560 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:59:23.0405 2560 nv_agp - ok
14:59:23.0411 2560 NwlnkFlt - ok
14:59:23.0419 2560 NwlnkFwd - ok
14:59:23.0812 2560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:59:23.0863 2560 odserv - ok
14:59:23.0967 2560 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:59:24.0023 2560 ohci1394 - ok
14:59:24.0150 2560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:59:24.0179 2560 ose - ok
14:59:24.0301 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:59:24.0448 2560 p2pimsvc - ok
14:59:24.0734 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:59:24.0812 2560 p2psvc - ok
14:59:24.0932 2560 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:59:24.0991 2560 Parport - ok
14:59:25.0115 2560 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:59:25.0132 2560 partmgr - ok
14:59:25.0142 2560 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:59:25.0213 2560 Parvdm - ok
14:59:25.0315 2560 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:59:25.0415 2560 PcaSvc - ok
14:59:25.0549 2560 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:59:25.0599 2560 pci - ok
14:59:25.0713 2560 [ 20B869152448F80AC49CF10264E91F5E ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:59:25.0726 2560 pciide - ok
14:59:25.0752 2560 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:59:25.0770 2560 pcmcia - ok
14:59:25.0912 2560 pcouffin - ok
14:59:26.0138 2560 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:59:26.0285 2560 PEAUTH - ok
14:59:26.0482 2560 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:59:26.0692 2560 pla - ok
14:59:26.0823 2560 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:59:26.0887 2560 PlugPlay - ok
14:59:27.0076 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:59:27.0136 2560 PNRPAutoReg - ok
14:59:27.0298 2560 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:59:27.0383 2560 PNRPsvc - ok
14:59:27.0501 2560 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:59:27.0618 2560 PolicyAgent - ok
14:59:27.0709 2560 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:59:27.0769 2560 PptpMiniport - ok
14:59:27.0859 2560 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
14:59:27.0962 2560 Processor - ok
14:59:28.0125 2560 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:59:28.0199 2560 ProfSvc - ok
14:59:28.0251 2560 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:59:28.0267 2560 ProtectedStorage - ok
14:59:28.0376 2560 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
14:59:28.0433 2560 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
14:59:28.0433 2560 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
14:59:28.0584 2560 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:59:28.0756 2560 PSched - ok
14:59:29.0002 2560 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:59:29.0075 2560 ql2300 - ok
14:59:29.0125 2560 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:59:29.0142 2560 ql40xx - ok
14:59:29.0357 2560 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:59:29.0425 2560 QWAVE - ok
14:59:29.0506 2560 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:59:29.0532 2560 QWAVEdrv - ok
14:59:30.0088 2560 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:30.0350 2560 R300 - ok
14:59:30.0485 2560 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:59:30.0528 2560 RasAcd - ok
14:59:30.0600 2560 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:59:30.0749 2560 RasAuto - ok
14:59:30.0848 2560 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:30.0906 2560 Rasl2tp - ok
14:59:31.0030 2560 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:59:31.0098 2560 RasMan - ok
14:59:31.0177 2560 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:31.0227 2560 RasPppoe - ok
14:59:31.0312 2560 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:59:31.0378 2560 RasSstp - ok
14:59:31.0441 2560 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:59:31.0527 2560 rdbss - ok
14:59:31.0660 2560 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:31.0728 2560 RDPCDD - ok
14:59:31.0802 2560 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:59:32.0022 2560 rdpdr - ok
14:59:32.0129 2560 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:59:32.0232 2560 RDPENCDD - ok
14:59:32.0322 2560 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:59:32.0449 2560 RDPWD - ok
14:59:32.0560 2560 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:59:32.0640 2560 RemoteAccess - ok
14:59:32.0785 2560 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:59:32.0845 2560 RemoteRegistry - ok
14:59:33.0007 2560 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
14:59:33.0182 2560 rimmptsk - ok
14:59:33.0200 2560 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
14:59:33.0261 2560 rimsptsk - ok
14:59:33.0283 2560 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
14:59:33.0349 2560 rismxdp - ok
14:59:33.0381 2560 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:59:33.0499 2560 RpcLocator - ok
14:59:33.0556 2560 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:59:33.0606 2560 RpcSs - ok
14:59:33.0760 2560 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:59:33.0828 2560 rspndr - ok
14:59:33.0833 2560 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:59:33.0849 2560 SamSs - ok
14:59:33.0902 2560 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:59:33.0956 2560 sbp2port - ok
14:59:34.0127 2560 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:59:34.0296 2560 SCardSvr - ok
14:59:34.0614 2560 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:59:34.0784 2560 Schedule - ok
14:59:34.0912 2560 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:59:34.0934 2560 SCPolicySvc - ok
14:59:35.0062 2560 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:59:35.0108 2560 sdbus - ok
14:59:35.0241 2560 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:59:35.0347 2560 SDRSVC - ok
14:59:35.0384 2560 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:59:35.0480 2560 secdrv - ok
14:59:35.0525 2560 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:59:35.0598 2560 seclogon - ok
14:59:35.0736 2560 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
14:59:35.0790 2560 SENS - ok
14:59:35.0873 2560 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:59:35.0934 2560 Serenum - ok
14:59:35.0993 2560 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:59:36.0078 2560 Serial - ok
14:59:36.0160 2560 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:59:36.0203 2560 sermouse - ok
14:59:36.0311 2560 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:59:36.0391 2560 SessionEnv - ok
14:59:36.0471 2560 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:59:36.0532 2560 sffdisk - ok
14:59:36.0589 2560 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:59:36.0679 2560 sffp_mmc - ok
14:59:36.0767 2560 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:59:36.0836 2560 sffp_sd - ok
14:59:36.0886 2560 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:59:36.0961 2560 sfloppy - ok
14:59:37.0083 2560 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:59:37.0192 2560 SharedAccess - ok
14:59:37.0297 2560 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:59:37.0374 2560 ShellHWDetection - ok
14:59:37.0406 2560 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:59:37.0422 2560 sisagp - ok
14:59:37.0433 2560 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:59:37.0447 2560 SiSRaid2 - ok
14:59:37.0459 2560 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:59:37.0474 2560 SiSRaid4 - ok
14:59:37.0781 2560 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:59:37.0811 2560 SkypeUpdate - ok
14:59:38.0344 2560 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:59:38.0622 2560 slsvc - ok
14:59:38.0771 2560 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:59:38.0832 2560 SLUINotify - ok
14:59:38.0910 2560 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:59:38.0983 2560 Smb - ok
14:59:39.0092 2560 [ 68FC62A72BD6D8E9DFE3718440BE94A0 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
14:59:39.0121 2560 snapman - ok
14:59:39.0153 2560 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:59:39.0171 2560 SNMPTRAP - ok
14:59:39.0268 2560 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:59:39.0289 2560 spldr - ok
14:59:39.0396 2560 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:59:39.0559 2560 Spooler - ok
14:59:39.0625 2560 sptd - ok
14:59:39.0710 2560 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:59:39.0833 2560 srv - ok
14:59:39.0965 2560 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:59:40.0010 2560 srv2 - ok
14:59:40.0033 2560 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:59:40.0077 2560 srvnet - ok
14:59:40.0185 2560 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:59:40.0265 2560 SSDPSRV - ok
14:59:40.0329 2560 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:59:40.0349 2560 ssmdrv - ok
14:59:40.0460 2560 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:59:40.0562 2560 SstpSvc - ok
14:59:40.0762 2560 StarOpen - ok
14:59:41.0138 2560 [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
14:59:41.0203 2560 StarWindService ( UnsignedFile.Multi.Generic ) - warning
14:59:41.0203 2560 StarWindService - detected UnsignedFile.Multi.Generic (1)
14:59:41.0247 2560 Steam Client Service - ok
14:59:41.0419 2560 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA C:\Windows\system32\drivers\stwrt.sys
14:59:41.0599 2560 STHDA - ok
14:59:41.0786 2560 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:59:41.0896 2560 stisvc - ok
14:59:41.0900 2560 stllssvr - ok
14:59:42.0039 2560 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:59:42.0060 2560 swenum - ok
14:59:42.0172 2560 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:59:42.0266 2560 swprv - ok
14:59:42.0318 2560 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:59:42.0343 2560 Symc8xx - ok
14:59:42.0356 2560 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:59:42.0371 2560 Sym_hi - ok
14:59:42.0377 2560 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:59:42.0392 2560 Sym_u3 - ok
14:59:42.0540 2560 [ 1F5192248A364D4AB68DB063D18A2139 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:59:42.0566 2560 SynTP - ok
14:59:42.0770 2560 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:59:42.0878 2560 SysMain - ok
14:59:42.0932 2560 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:59:42.0986 2560 TabletInputService - ok
14:59:43.0087 2560 [ DA713B313E4FCD94097305FFDE9BDDE7 ] TACXDEV C:\Windows\system32\Drivers\I-magic.sys
14:59:43.0176 2560 TACXDEV - ok
14:59:43.0387 2560 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:59:43.0449 2560 TapiSrv - ok
14:59:43.0524 2560 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:59:43.0555 2560 TBS - ok
14:59:43.0831 2560 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:59:43.0940 2560 Tcpip - ok
14:59:44.0109 2560 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:59:44.0217 2560 Tcpip6 - ok
14:59:44.0299 2560 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:59:44.0416 2560 tcpipreg - ok
14:59:44.0531 2560 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:59:44.0770 2560 TDPIPE - ok
14:59:44.0923 2560 [ 3B7B6779EB231F731BBA8F9FE67AADFC ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys
14:59:45.0102 2560 tdrpman - ok
14:59:45.0226 2560 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:59:45.0290 2560 TDTCP - ok
14:59:45.0381 2560 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:59:45.0439 2560 tdx - ok
14:59:45.0480 2560 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:59:45.0497 2560 TermDD - ok
14:59:45.0538 2560 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:59:45.0682 2560 TermService - ok
14:59:45.0747 2560 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:59:45.0766 2560 Themes - ok
14:59:45.0792 2560 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:59:45.0821 2560 THREADORDER - ok
14:59:45.0990 2560 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
14:59:46.0013 2560 tifsfilter - ok
14:59:46.0140 2560 [ 13BFE330880AC0CE8672D00AA5AFF738 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
14:59:46.0172 2560 timounter - ok
14:59:46.0371 2560 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
14:59:46.0386 2560 TomTomHOMEService - ok
14:59:46.0488 2560 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:59:46.0529 2560 TrkWks - ok
14:59:46.0645 2560 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:59:46.0669 2560 TrustedInstaller - ok
14:59:46.0776 2560 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:46.0838 2560 tssecsrv - ok
14:59:46.0941 2560 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:59:47.0012 2560 tunmp - ok
14:59:47.0087 2560 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:59:47.0124 2560 tunnel - ok
14:59:47.0161 2560 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:59:47.0188 2560 uagp35 - ok
14:59:47.0294 2560 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:59:47.0353 2560 udfs - ok
14:59:47.0435 2560 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:59:47.0476 2560 UI0Detect - ok
14:59:47.0587 2560 [ 5E86DBB68D49B3A0DA99F76F1C2CAB01 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys
14:59:47.0615 2560 UimBus - ok
14:59:47.0713 2560 [ 05CA10764D2E1B5F822E966FF96D9F1F ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys
14:59:47.0737 2560 Uim_IM - ok
14:59:47.0768 2560 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:59:47.0783 2560 uliagpkx - ok
14:59:47.0822 2560 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:59:47.0841 2560 uliahci - ok
14:59:47.0857 2560 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:59:47.0873 2560 UlSata - ok
14:59:47.0885 2560 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:59:47.0901 2560 ulsata2 - ok
14:59:47.0995 2560 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:59:48.0024 2560 umbus - ok
14:59:48.0123 2560 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:59:48.0196 2560 upnphost - ok
14:59:48.0229 2560 USBAAPL - ok
14:59:48.0327 2560 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:59:48.0351 2560 usbaudio - ok
14:59:48.0459 2560 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:48.0499 2560 usbccgp - ok
14:59:48.0520 2560 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:59:48.0600 2560 usbcir - ok
14:59:48.0678 2560 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:59:48.0702 2560 usbehci - ok
14:59:48.0785 2560 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:59:48.0819 2560 usbhub - ok
14:59:48.0862 2560 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:59:48.0937 2560 usbohci - ok
14:59:49.0063 2560 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:59:49.0100 2560 usbprint - ok
14:59:49.0202 2560 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:59:49.0225 2560 usbscan - ok
14:59:49.0325 2560 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:49.0385 2560 USBSTOR - ok
14:59:49.0464 2560 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:49.0518 2560 usbuhci - ok
14:59:49.0617 2560 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:59:49.0692 2560 usbvideo - ok
14:59:49.0794 2560 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:59:49.0874 2560 UxSms - ok
14:59:49.0985 2560 [ 92CEBC2BC7BE2C8D49391B365569F306 ] vaxscsi C:\Windows\System32\Drivers\vaxscsi.sys
14:59:50.0041 2560 vaxscsi - ok
14:59:50.0202 2560 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:59:50.0301 2560 vds - ok
14:59:50.0351 2560 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:50.0441 2560 vga - ok
14:59:50.0559 2560 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:59:50.0595 2560 VgaSave - ok
14:59:50.0673 2560 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:59:50.0690 2560 viaagp - ok
14:59:50.0765 2560 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:59:50.0820 2560 ViaC7 - ok
14:59:50.0838 2560 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
14:59:50.0853 2560 viaide - ok
14:59:50.0946 2560 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:59:51.0007 2560 volmgr - ok
14:59:51.0275 2560 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:59:51.0393 2560 volmgrx - ok
14:59:51.0615 2560 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:59:51.0653 2560 volsnap - ok
14:59:51.0765 2560 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:59:51.0841 2560 vsmraid - ok
14:59:52.0104 2560 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:59:52.0195 2560 VSS - ok
14:59:52.0380 2560 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:59:52.0518 2560 W32Time - ok
14:59:52.0564 2560 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:59:52.0636 2560 WacomPen - ok
14:59:52.0757 2560 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:59:52.0826 2560 Wanarp - ok
14:59:52.0831 2560 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:59:52.0856 2560 Wanarpv6 - ok
14:59:53.0034 2560 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:59:53.0087 2560 wcncsvc - ok
14:59:53.0180 2560 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:59:53.0239 2560 WcsPlugInService - ok
14:59:53.0290 2560 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
14:59:53.0321 2560 Wd - ok
14:59:53.0524 2560 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:59:53.0590 2560 Wdf01000 - ok
14:59:53.0604 2560 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:59:53.0657 2560 WdiServiceHost - ok
14:59:53.0662 2560 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:59:53.0694 2560 WdiSystemHost - ok
14:59:53.0846 2560 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:59:53.0866 2560 WebClient - ok
14:59:54.0016 2560 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:59:54.0075 2560 Wecsvc - ok
14:59:54.0188 2560 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:59:54.0254 2560 wercplsupport - ok
14:59:54.0350 2560 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:59:54.0424 2560 WerSvc - ok
14:59:54.0635 2560 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:59:54.0696 2560 winachsf - ok
14:59:54.0925 2560 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:59:54.0974 2560 WinDefend - ok
14:59:55.0154 2560 [ 032793A8E6288C4C60FF30542EEAB22B ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
14:59:55.0370 2560 WinDriver6 - ok
14:59:55.0373 2560 WinHttpAutoProxySvc - ok
14:59:55.0602 2560 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:59:55.0678 2560 Winmgmt - ok
14:59:56.0206 2560 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:59:56.0498 2560 WinRM - ok
14:59:56.0653 2560 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:59:56.0746 2560 Wlansvc - ok
14:59:56.0853 2560 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:59:56.0875 2560 WmiAcpi - ok
14:59:57.0021 2560 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:59:57.0055 2560 wmiApSrv - ok
14:59:57.0782 2560 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:59:57.0973 2560 WMPNetworkSvc - ok
14:59:58.0181 2560 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:59:58.0313 2560 WPCSvc - ok
14:59:58.0424 2560 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:59:58.0573 2560 WPDBusEnum - ok
14:59:58.0697 2560 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:59:58.0822 2560 WpdUsb - ok
15:00:00.0227 2560 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:00:00.0430 2560 WPFFontCache_v0400 - ok
15:00:00.0553 2560 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:00:00.0651 2560 ws2ifsl - ok
15:00:00.0718 2560 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
15:00:00.0828 2560 wscsvc - ok
15:00:00.0835 2560 WSearch - ok
15:00:01.0890 2560 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:00:02.0456 2560 wuauserv - ok
15:00:02.0592 2560 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:02.0688 2560 WUDFRd - ok
15:00:02.0779 2560 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:00:02.0855 2560 wudfsvc - ok
15:00:02.0976 2560 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:00:03.0039 2560 XAudio - ok
15:00:03.0314 2560 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:00:03.0431 2560 XAudioService - ok
15:00:03.0442 2560 ================ Scan global ===============================
15:00:03.0552 2560 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:00:03.0887 2560 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:00:03.0958 2560 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:00:04.0241 2560 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:00:04.0252 2560 [Global] - ok
15:00:04.0253 2560 ================ Scan MBR ==================================
15:00:04.0273 2560 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
15:00:06.0512 2560 \Device\Harddisk0\DR0 - ok
15:00:06.0513 2560 ================ Scan VBR ==================================
15:00:06.0568 2560 [ 534FE453DA23E579C6736D1445BD5E9C ] \Device\Harddisk0\DR0\Partition1
15:00:06.0646 2560 \Device\Harddisk0\DR0\Partition1 - ok
15:00:06.0700 2560 [ 9D625BD90CBF2797C5FA2624206D3651 ] \Device\Harddisk0\DR0\Partition2
15:00:06.0766 2560 \Device\Harddisk0\DR0\Partition2 - ok
15:00:06.0770 2560 [ A5216A405F57244B4EF29E4882D72496 ] \Device\Harddisk0\DR0\Partition3
15:00:06.0772 2560 \Device\Harddisk0\DR0\Partition3 - ok
15:00:06.0773 2560 ============================================================
15:00:06.0773 2560 Scan finished
15:00:06.0773 2560 ============================================================
15:00:06.0786 3352 Detected object count: 19
15:00:06.0786 3352 Actual detected object count: 19
15:00:15.0432 3352 acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0432 3352 acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0432 3352 acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0432 3352 acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0435 3352 acedrv03 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0435 3352 acedrv03 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0437 3352 acedrv04 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0437 3352 acedrv04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0439 3352 acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0440 3352 acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0442 3352 acedrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0442 3352 acedrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0445 3352 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0445 3352 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0448 3352 APL531 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0448 3352 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0450 3352 camfilt ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0450 3352 camfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0453 3352 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0453 3352 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0456 3352 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0456 3352 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0458 3352 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0458 3352 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0461 3352 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0461 3352 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0464 3352 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0464 3352 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0466 3352 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0467 3352 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0469 3352 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0469 3352 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0471 3352 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0472 3352 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0474 3352 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0474 3352 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:15.0477 3352 StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:15.0477 3352 StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip

26.10.2012, 14:19   #10
cosinus

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often raises a false positive on it!
  • Start aswMBR.exe (Vista and Win7 users: right-click aswMBR and choose "Run as administrator")
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, choose (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

26.10.2012, 14:52   #11
Horstmann

Hello, I ran the scan! Attached is the logfile! Thank you very much for your effort!

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 15:23:57
-----------------------------
15:23:57.475 OS Version: Windows 6.0.6002 Service Pack 2
15:23:57.475 Number of processors: 2 586 0xF06
15:23:57.476 ComputerName: VW UserName:
15:23:59.126 Initialize success
15:24:08.473 AVAST engine defs: 12102600
15:24:19.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:24:19.760 Disk 0 Vendor: ST9160821AS 3.CDD Size: 152627MB BusType: 3
15:24:19.855 Disk 0 MBR read successfully
15:24:19.858 Disk 0 MBR scan
15:24:19.920 Disk 0 Windows XP default MBR code
15:24:19.943 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
15:24:19.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
15:24:20.049 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 130259 MB offset 21133312
15:24:20.055 Disk 0 Partition - 00 0F Extended LBA 12033 MB offset 287916930
15:24:20.140 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 12033 MB offset 287916993
15:24:20.159 Disk 0 scanning sectors +312560640
15:24:20.438 Disk 0 scanning C:\Windows\system32\drivers
15:25:00.615 Service scanning
15:26:02.280 Modules scanning
15:27:08.145 Disk 0 trace - called modules:
15:27:08.170 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:27:08.176 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8984aac8]
15:27:08.182 3 CLASSPNP.SYS[8bfa98b3] -> nt!IofCallDriver -> [0x88e0a860]
15:27:08.187 5 acpi.sys[8ba986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88dddb98]
15:27:10.426 AVAST engine scan C:\Windows
15:27:38.201 AVAST engine scan C:\Windows\system32
15:34:02.320 AVAST engine scan C:\Windows\system32\drivers
15:34:30.522 AVAST engine scan C:\Users\Arian
15:49:17.562 Disk 0 MBR has been saved successfully to "C:\Users\Arian\Desktop\MBR.dat"
15:49:17.570 The log file has been saved successfully to "C:\Users\Arian\Desktop\aswMBR.txt"
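
The aswMBR log above reports which MBR boot code it recognised ("Windows XP default MBR code"), the partition table with sizes in MB and starting sectors, and then scans the sectors past the last partition, which is where MBR bootkits usually keep their hidden storage. The following Python script is an added example for this thread, not code from aswMBR, AVAST or Trojaner-Board: it parses the partition lines, converts the MB figures back to sectors (assuming 512-byte sectors, so 2048 sectors per MB), checks that primaries do not overlap, that logical partitions stay inside the extended container and that nothing runs past the disk end, and reports how much unallocated tail space follows the last partition. Because aswMBR rounds sizes to whole MB, every comparison allows 1 MB of slack. The sample lines are copied from the log above; reading the "scanning sectors +N" line as the start of that tail region is my assumption.

```python
"""Sanity-check the partition table that aswMBR prints.

Added example for this thread; not code from aswMBR, AVAST or Trojaner-Board.
aswMBR prints one line per MBR partition entry (boot flag, type byte, size in
MB, starting LBA) and the disk size in MB. The regex, the 2048-sectors-per-MB
conversion and the 1 MB slack are my own assumptions about reading that output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES      # 2048, assuming 512-byte sectors

# Sample lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = """\
15:24:19.760 Disk 0 Vendor: ST9160821AS 3.CDD Size: 152627MB BusType: 3
15:24:19.943 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
15:24:19.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
15:24:20.049 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 130259 MB offset 21133312
15:24:20.055 Disk 0 Partition - 00 0F Extended LBA 12033 MB offset 287916930
15:24:20.140 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 12033 MB offset 287916993
15:24:20.159 Disk 0 scanning sectors +312560640
"""

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+|-) "
    r"(?P<boot>[0-9A-F]{2})(?: \(A\))? (?P<type>[0-9A-F]{2}) .*? "
    r"(?P<mb>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass(frozen=True)
class Partition:
    number: str      # "1".."4" for a numbered entry, "-" for the extended container
    bootable: bool   # boot-indicator byte was 0x80
    ptype: int       # MBR partition-type byte (0x07 NTFS, 0x0F extended LBA, ...)
    start: int       # first LBA sector ("offset" in the log)
    sectors: int     # size in sectors, reconstructed from the MB figure

    @property
    def end(self) -> int:            # exclusive end sector
        return self.start + self.sectors

    @property
    def is_extended(self) -> bool:
        return self.ptype in (0x05, 0x0F)


def parse_aswmbr(text: str, disk: int = 0) -> Tuple[int, List[Partition]]:
    """Return (disk size in sectors, partitions) for one disk from an aswMBR log."""
    size_sectors: Optional[int] = None
    parts: List[Partition] = []
    for line in text.splitlines():
        m = SIZE_RE.search(line)
        if m and int(m["disk"]) == disk:
            size_sectors = int(m["mb"]) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m and int(m["disk"]) == disk:
            parts.append(Partition(
                number=m["num"],
                bootable=int(m["boot"], 16) == 0x80,
                ptype=int(m["type"], 16),
                start=int(m["offset"]),
                sectors=int(m["mb"]) * SECTORS_PER_MB,
            ))
    if size_sectors is None or not parts:
        raise ValueError(f"no size/partition lines for disk {disk}")
    return size_sectors, parts


def check_layout(disk_sectors: int, parts: List[Partition],
                 slack: int = SECTORS_PER_MB) -> dict:
    """Cross-check the layout. Sizes in the log are rounded to whole MB, so every
    comparison tolerates `slack` sectors (1 MB by default)."""
    ext = next((p for p in parts if p.is_extended), None)
    logical = [p for p in parts
               if ext is not None and not p.is_extended and ext.start <= p.start < ext.end]
    primary = sorted((p for p in parts if p not in logical), key=lambda p: p.start)

    overlaps = [(a.number, b.number) for a, b in zip(primary, primary[1:])
                if a.end > b.start + slack]
    outside_ext = [p.number for p in logical if p.end > ext.end + slack]
    beyond_disk = [p.number for p in parts if p.end > disk_sectors + slack]
    last_end = max(p.end for p in parts)
    return {
        "bootable": [p.number for p in parts if p.bootable],
        "overlaps": overlaps,                        # primaries (incl. extended) that collide
        "logical_outside_extended": outside_ext,     # logical volume past its container
        "beyond_disk_end": beyond_disk,              # entry that runs off the disk
        "tail_start": last_end,                      # first sector after the last partition
        "tail_sectors": max(0, disk_sectors - last_end),
    }


if __name__ == "__main__":
    size, table = parse_aswmbr(SAMPLE_LOG)
    for key, value in check_layout(size, table).items():
        print(f"{key}: {value}")
```

On the log above the checks come out clean: exactly one bootable partition (3), no overlaps, and about 19,500 sectors (roughly 9.5 MB) of tail space after the last logical partition, starting 63 sectors before the +312560640 that aswMBR itself reports. A partition whose start or size does not line up with its neighbours, or a large unexplained tail, is what you would then examine in the MBR.dat that aswMBR saved to the desktop.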

26.10.2012, 15:04   #12
cosinus

Looks good too.

OK, one check please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

Please post everything here in CODE tags wherever possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

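The OTL scan requested above lists every running process (PRC), registered service (SRV) and driver (DRV) with the company name taken from the file, an empty "()" when the file carries none, or "File not found" when the registration points at a path that no longer exists. The following Python script is an added example for this thread, not code from OTL (OldTimer) or Trojaner-Board: it parses such lines and picks out the entries a helper would look at first, using three rules that are my own assumptions (missing file, no company name, service or driver under a per-user directory). The sample lines are copied from the OTL log posted in this thread; the balanced-parenthesis split is there because company names like "CrypKey (Canada) Ltd." and paths like "Program Files (x86)" both contain parentheses.

```python
"""Triage the PRC / SRV / DRV sections of an OTL log.

Added example for this thread; not code from OTL (OldTimer) or Trojaner-Board.
OTL prints one entry per line: a section tag, for services and drivers the
'(ServiceName) --' part, the file path, and then either the company name from
the file's version resource in parentheses (empty '()' when there is none) or
'File not found'. The parsing and the triage rules are my own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HEAD_RE = re.compile(r"^(?P<tag>PRC|SRV|DRV) - (?:\((?P<name>[^)]*)\) -- )?(?P<rest>.*)$")
MISSING = "File not found"
# A service or driver registered under a profile/temp directory is unusual enough to look at.
USER_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\")

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\Users\Arian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
DRV - (StarOpen) --  File not found
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (catchme) -- C:\Users\Arian\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
"""


@dataclass
class Entry:
    tag: str
    name: Optional[str]      # service/driver key name; None for PRC lines
    path: str
    company: Optional[str]   # None when the file is missing, "" when OTL printed "()"
    present: bool


def split_trailer(rest: str) -> Tuple[str, Optional[str]]:
    """Split 'path (Company)' at the last balanced parenthesis group, so both
    'Program Files (x86)' in the path and 'CrypKey (Canada) Ltd.' survive."""
    if not rest.endswith(")"):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1]
    return rest, None            # unbalanced: treat the whole thing as the path


def parse_otl(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = HEAD_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"].strip()
        if rest.endswith(MISSING):
            entries.append(Entry(m["tag"], m["name"], rest[:-len(MISSING)].strip(), None, False))
        else:
            path, company = split_trailer(rest)
            entries.append(Entry(m["tag"], m["name"], path, company, True))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each entry worth a second look (keyed by service name, or by path for
    processes) to the reasons it was picked."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if not e.present:
            reasons.append("file not found: orphaned service/driver registration")
        elif e.company == "":
            reasons.append("no company name in the file's version info")
        if e.tag in ("SRV", "DRV") and any(d in e.path.lower() for d in USER_DIRS):
            reasons.append("service/driver path is under a per-user directory")
        if reasons:
            findings[e.name or e.path] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(parse_otl(SAMPLE_LOG)).items():
        print(f"{key}: {'; '.join(reasons)}")
```

The rules only rank entries for a human; they are not verdicts. On the sample lines they single out the orphaned registrations (stllssvr, StarOpen, sptd, catchme), the files without a company name (SpotifyWebHelper.exe, DSBrokerService, NetworkX) and flag catchme twice because its driver sat in a Temp directory, while signed Microsoft, Malwarebytes and CrypKey entries pass through. A missing company name is common for small vendors and unusual for anything from Microsoft, so the helper's next step is to check such files by hash and signature rather than to delete on sight.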

26.10.2012, 16:35   #13
Horstmann

I'm glad you see it that way.... thank you very much for taking so much time!

OTL Logfile:
Code:
OTL logfile created on: 26.10.2012 17:11:02 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,44% Memory free
4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,17 Gb Free Space | 6,42% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,88% Space Free | Partition Type: NTFS
Drive H: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (StarOpen) --  File not found
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (pcouffin) -- System32\Drivers\pcouffin.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ntcdrdrv) -- system32\DRIVERS\ntcdrdrv.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Arian\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (vaxscsi) -- C:\Windows\System32\drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (acedrv07) -- C:\Windows\System32\drivers\acedrv07.sys (Protect Software GmbH)
DRV - (acedrv06) -- C:\Windows\System32\drivers\acedrv06.sys (Protect Software GmbH)
DRV - (acedrv05) -- C:\Windows\System32\drivers\acedrv05.sys (Protect Software GmbH)
DRV - (acedrv04) -- C:\Windows\System32\drivers\acedrv04.sys (Protect Software GmbH)
DRV - (acedrv03) -- C:\Windows\System32\drivers\acedrv03.sys (ACE GmbH)
DRV - (acedrv02) -- C:\Windows\System32\drivers\acedrv02.sys (ACE GmbH)
DRV - (acedrv01) -- C:\Windows\System32\drivers\acedrv01.sys (ACE GmbH)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (APL531) -- C:\Windows\System32\drivers\HDvid.sys (Guillemont Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (camfilt) -- C:\Windows\System32\drivers\camfilt.sys (Guillemot Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (TACXDEV) -- C:\Windows\System32\drivers\I-magic.sys ()
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&ie=UTF-8
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes,DefaultScope = {BD7AF474-87E6-4D84-91DB-6E20CABD2968}
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60342
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{624F85FF-C226-4D55-BEDB-9947BC90BD07}: "URL" = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_deDE321
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\SearchScopes\{BD7AF474-87E6-4D84-91DB-6E20CABD2968}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local localhost localhost localhost localhost localhost;*.local localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Arian\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.26 14:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Arian\Program Files\DNA [2009.02.19 17:02:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:07:32 | 000,000,000 | ---D | M]
 
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions
[2010.06.30 10:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.05.22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.26 10:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions
[2010.04.29 09:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.04 01:30:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.18 20:52:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007.09.25 23:13:09 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.11.10 23:07:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\firefox@tvunetworks.com
[2012.09.15 18:00:38 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Arian\AppData\Roaming\mozilla\Firefox\Profiles\3zzhvudk.default\extensions\ich@maltegoetz.de
[2011.11.24 19:57:12 | 000,079,365 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\anticontainer@downthemall.net.xpi
[2012.10.14 22:41:15 | 000,340,281 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.10.11 15:02:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 14:38:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.15 17:11:04 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.26 10:08:56 | 000,000,944 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\mozilla\firefox\profiles\3zzhvudk.default\searchplugins\icqplugin.xml
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.12 16:07:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.10.12 16:07:15 | 000,000,000 | ---D | M] ("Yummy CONDUIT Player") -- C:\Program Files\Mozilla Firefox\extensions\YPlayer@yummy.net
[2012.10.12 16:07:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.12 16:07:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 16:07:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.10.12 16:07:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 16:07:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 16:07:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 16:07:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Gmail = C:\Users\Arian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.26 09:25:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000..\Run: [Spotify Web Helper] C:\Users\Arian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF018CD-C243-4E7B-B0DC-380877BB67CA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00ED8B3-C96D-49B1-8E48-CCA13BA1D7AE}: DhcpNameServer = 83.169.185.33 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Arian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (e)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (u)
O34 - HKLM BootExecute: (t)
O34 - HKLM BootExecute: (o)
O34 - HKLM BootExecute: (c)
O34 - HKLM BootExecute: (h)
O34 - HKLM BootExecute: (k)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2617123096-2108651821-2447131207-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.26 15:20:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arian\Desktop\aswMBR.exe
[2012.10.26 14:42:49 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Arian\Desktop\tdsskiller.exe
[2012.10.26 09:31:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.26 09:31:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.26 09:31:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\temp
[2012.10.26 09:01:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.25 16:27:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.25 16:27:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.25 16:27:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.25 16:27:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 16:26:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.25 16:19:12 | 004,988,534 | R--- | C] (Swearware) -- C:\Users\Arian\Desktop\ComboFix.exe
[2012.10.22 19:41:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.16 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Malwarebytes
[2012.10.16 21:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 21:42:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.16 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Local\CrashDumps
[2012.10.15 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Arian\Local Settings
[2012.10.12 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Arian\Desktop\Medizinbücher
[2012.10.11 15:14:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 15:13:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 15:13:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.27 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Arian\AppData\Roaming\Avira
[2012.09.27 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.27 17:51:38 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.27 17:51:38 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.27 17:51:38 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.27 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2008.01.26 22:17:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Arian\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.26 17:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.26 17:11:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.26 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.26 17:02:44 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2012.10.26 17:01:29 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 17:01:28 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 17:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 15:49:17 | 000,000,512 | ---- | M] () -- C:\Users\Arian\Desktop\MBR.dat
[2012.10.26 15:20:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arian\Desktop\aswMBR.exe
[2012.10.26 14:42:50 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Arian\Desktop\tdsskiller.exe
[2012.10.26 13:39:55 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.26 13:39:55 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.26 13:39:55 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.26 13:39:55 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.26 09:25:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.26 08:59:12 | 004,988,534 | R--- | M] (Swearware) -- C:\Users\Arian\Desktop\ComboFix.exe
[2012.10.23 20:42:32 | 000,302,592 | ---- | M] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.23 19:58:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 19:41:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arian\Desktop\OTL.exe
[2012.10.22 19:13:01 | 000,000,020 | ---- | M] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:57 | 000,050,477 | ---- | M] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.17 19:27:35 | 000,213,504 | ---- | M] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.12 12:27:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.12 12:27:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.09 22:34:56 | 000,304,389 | ---- | M] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.10.08 18:36:33 | 000,262,183 | ---- | M] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arian\*.tmp files -> C:\Users\Arian\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.26 15:49:17 | 000,000,512 | ---- | C] () -- C:\Users\Arian\Desktop\MBR.dat
[2012.10.25 16:27:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.25 16:27:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.25 16:27:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.25 16:27:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.25 16:27:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.23 20:42:06 | 000,302,592 | ---- | C] () -- C:\Users\Arian\Desktop\g59dx8n2.exe
[2012.10.22 19:12:02 | 000,000,020 | ---- | C] () -- C:\Users\Arian\defogger_reenable
[2012.10.22 19:10:56 | 000,050,477 | ---- | C] () -- C:\Users\Arian\Desktop\Defogger.exe
[2012.10.16 21:42:52 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 22:34:51 | 000,304,389 | ---- | C] () -- C:\Users\Arian\Desktop\EKG-Kochbuch.pdf
[2012.02.05 11:32:53 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.02.05 11:32:06 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.05 11:29:49 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.02.05 11:29:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.05 11:29:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.05 11:29:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.09.10 14:14:48 | 000,000,261 | ---- | C] () -- C:\ProgramData\lxdi
[2011.06.17 18:09:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.05.17 21:45:15 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011.04.12 20:21:56 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.04 16:45:55 | 000,019,456 | ---- | C] () -- C:\Users\Arian\AppData\Local\WebpageIcons.db
[2008.05.14 17:59:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.26 22:17:42 | 000,007,887 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.cat
[2008.01.26 22:17:42 | 000,001,144 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\pcouffin.inf
[2008.01.23 19:26:12 | 000,000,093 | ---- | C] () -- C:\Users\Arian\AppData\Local\fusioncache.dat
[2007.11.23 19:17:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.08.19 18:57:10 | 000,007,268 | ---- | C] () -- C:\Users\Arian\AppData\Local\d3d9caps.dat
[2007.05.04 20:25:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.29 13:34:35 | 000,000,040 | -HS- | C] () -- C:\Users\Arian\AppData\Roaming\.zreglib
[2007.04.29 11:27:33 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.04.27 21:41:09 | 000,022,869 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\UserTile.png
[2007.04.24 21:43:52 | 000,000,020 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\anzds
[2007.04.12 22:41:43 | 000,000,114 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\wklnhst.dat
[2007.04.12 22:29:26 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.001
[2007.04.12 20:10:43 | 000,262,183 | ---- | C] () -- C:\Users\Arian\AppData\Roaming\nvModes.dat
[2007.04.12 18:01:59 | 000,213,504 | ---- | C] () -- C:\Users\Arian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Meine Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Hercules webcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Arian\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C39E55C5

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 26.10.2012 17:11:02 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,44% Memory free
4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,21 Gb Total Space | 8,17 Gb Free Space | 6,42% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,28 Gb Free Space | 62,84% Space Free | Partition Type: NTFS
Drive G: | 11,75 Gb Total Space | 1,98 Gb Free Space | 16,88% Space Free | Partition Type: NTFS
Drive H: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VW | User Name: Arian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021CE6B5-29E7-47E9-B4F0-8082C1D13564}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{049FB088-F756-433C-BDDA-A78DAF3ACDD3}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{0513F805-EE41-4481-8F9B-D709BBD97390}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{09FFAF7E-960D-4ABA-A045-85BDA089DFE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A8DFADB-D503-412D-B3C0-E114A47EA519}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0BDF2BEC-847F-49FD-8EAC-B3C672CADC8F}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{0E04FB00-3695-455E-A0B4-4C8C301A10C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{13977CDB-7542-4BA7-AF1D-7C320EC8F41C}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{1E923DC5-5E46-40F5-903D-BB6BC1653C3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F229CA4-592B-4054-B9D7-F69A200C032A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2723FCC0-B8E0-4F43-89F4-61081BF2C3A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FB6931A-54B5-4C68-B55E-81F1552F27D3}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{33FC821B-6B63-4E2E-B682-3EBBB0AF2BE5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{3A80DED8-DABC-4C36-8670-880373201E43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{429F39BA-EE00-407D-842A-A95A8D80E097}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{513EE075-DB1A-474E-8EDF-AC41FC6694EE}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{543848BB-5E2E-4133-AEFD-6926FC0BE268}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5F31737F-F58E-46F2-B252-613905BBCE2A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{6A1C3FD5-6C5C-4B6C-9B40-7892168EAE26}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B89AA1D-E8D8-419B-9F81-AF3CD086D79C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{718B4142-DE4D-4759-BF2C-F363A88804C5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{86E67164-CA97-436B-8BA6-8E5F29E10533}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{94B89420-A642-4E02-BA7A-E1973445CA5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B021B77-8070-477A-9CFF-5D4CFDB6D5B4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A17F10E9-A40D-416E-B5FE-0DDDEF5DE9D8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A3433567-8BBF-4F91-B6AD-B0CF80C01A85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA50E7E7-AE3E-4222-840F-BAD77794FA91}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{ABE23920-0CFA-4345-81EA-9DE9A753EFD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACE20BE8-225E-40FE-B543-70BE4536A494}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{ADA203EE-DFF7-44EB-A15C-E4E1C338A511}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B55BF4EB-4ABA-4261-A308-BB18A77B19DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C18E8273-483E-4780-A5D0-C531A2D45EEE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D2CC04D7-842D-4546-B770-65F3DF9334A7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{EF22441F-6214-4540-B3DA-DD8A121512AF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{F3F8D745-A110-479D-99BE-66241F422013}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{F6E9DCA2-3075-4997-99DD-69E6D415EA62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC7FFC37-308B-4CDF-9B67-9294A2D8F0A0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FE5A3DB0-FD7C-46E2-9847-5F6721223DD9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0382256D-1651-4C96-9933-38590899D06D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{052F2719-8293-430F-A620-269562DCA924}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{063E21C7-01AE-4209-BE5B-B7084278F60C}" = protocol=6 | dir=out | app=system | 
"{06BB7ECA-77EF-459D-8224-E6B2991F31DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0A80D270-C23A-492E-B53D-B70EBE0E0853}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"{0B7E23F5-814F-44B8-9571-8AAEAE2154C4}" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\{37e0e4c5-eb61-4713-8aaf-2cb47f67d7f3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{128B0756-6B7D-49E5-A21F-0096DC8661AF}" = protocol=17 | dir=in | app=e:\alicesetup.exe | 
"{16A3FB3B-95EB-4B37-8CD7-FBE36D432A6D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{187333D2-F05F-42D8-84E4-CBA2FB8000EF}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{1DFBC355-1D44-4B06-BE7E-39503376E234}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{1E98B140-97D8-47A4-BE32-EFB1CCF3191D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{205E2994-96F9-49C2-A5D7-337A263F636D}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{20E91D0D-2674-4021-97A3-8FAF206B5E71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{2131FBCE-22EC-4B6C-9C77-539DB8FC827C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2B21D0BF-276A-4F89-B937-0684F1A1BBEB}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"{2B4356B2-6329-4A9C-89DB-CF0080D42E36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B8E7C39-C7B1-45CE-83E5-4ACB8A474C28}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | 
"{31286402-279E-4980-AE6E-FD9287BF6A2D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{32D4D9B2-49A8-4C8F-84B3-922A76B97631}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{3335D37B-3BD3-49BD-86A0-6AF1DD67E392}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{34BE37AE-DF5F-46DD-86C3-7592AEA24CD5}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\spsswinwrapide.exe | 
"{34ECF6AF-41F4-4818-8C71-F9B46B2AC8EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35323808-4BB9-4A62-8B8C-5E0E8CCE19B6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{37055D18-A6A1-40A7-A880-6BF2B622EF11}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{378AA7DF-33F1-4684-83B4-D58B7742B4F1}" = protocol=6 | dir=in | app=e:\alicesetup.exe | 
"{3AD8C74E-B84B-4A77-BF1A-11FAA57C4FFE}" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | 
"{44C0FD9E-7945-4F36-812C-E322CBD90EDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | 
"{455708D8-2C26-4B4A-A244-D0754A468C30}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.com | 
"{4576091A-667D-4DB8-A8D1-DFEB6F2CDA32}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{4798BFF9-1525-4EB8-9248-0ABB0A76AC49}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{48671982-DCFE-46A3-B4F1-224A96A73034}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | 
"{4A1D79D2-B736-4AC6-AB2D-592133C27182}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{50575455-377E-4577-9737-0ACED7B66C0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | 
"{50EFE315-D74B-4556-ABD0-91D6995D4FA3}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"{56DFAB51-737A-484D-B637-30AD4AAD94FB}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5D28380B-A0B8-4EA0-ACE6-1757E5CCB0A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5D65BC8D-FA54-433A-A51F-00C0009F63EE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{63469CA6-5805-4A4B-ACE4-09BBB89EA872}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"{63826B34-3562-4A0A-BADD-A36B5F72249C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64ABB2D4-F1C6-4625-879B-BC6824C5DD7D}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{66F445CC-68A3-4126-A7E8-CF242C303DC4}" = protocol=17 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{69824F82-AD9A-4D68-BBB3-F5BC3FB0AD3D}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{6AFB49BB-5BD7-485F-B98C-E85D4E42F8B0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{6C5A802F-D4AC-4B6A-B128-74C1072C9A03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D8655CE-FD8C-4A41-8F80-4E483D347BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F5BD54B-212C-40EB-B6CE-85E7EA407A26}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"{6FA38E9B-B034-4B01-9CD8-87499689049E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{72291701-964D-4EA8-B956-CFF2A7B15C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{73A8AF21-F2AF-4E8E-88DB-3FE5C403635A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{7514CA3C-5F94-4745-AFE6-66F67882AD52}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7974B2F1-7B19-490E-9738-F802059AFFFA}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.com | 
"{80E01EC6-F8BF-4991-A9BF-16CA3271F760}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{8664A34B-E1BC-4794-9CC1-666B6C90BCB8}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 3\onlinetv.exe | 
"{892EEE45-DBD7-4518-9838-6D1BDBC0B914}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8AA2F4E9-4AB5-4066-B16F-A579F78800C5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2010\fm.exe | 
"{8F038E99-7581-438F-95DA-5D2878F01B17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{906C9B10-7EC0-4CAD-9B17-805197678255}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | 
"{92293D3B-7FC8-4782-BB14-E43FAAF0DB01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{93A4C150-75F4-408F-B18F-D1F5E480942D}" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | 
"{9A694649-8380-410E-89E0-F784B3190E38}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{9AF02751-3175-4CAB-B566-9D18999E0018}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{9BFAC798-200D-420D-827F-D3909F7350CC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{9E289384-BB9A-4F63-AB2B-9173BFE97A42}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A0B338EC-6151-40C0-A018-E48F8B4CBA22}" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\spsswinwrapide.exe | 
"{A15B92D9-1421-4504-BDB9-2B9ECF3F0352}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A1DB9AC2-458F-4381-84E4-9B8119D36113}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{A2B5C049-1130-4672-AC2E-D3D9DF58812E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{A3417207-337B-411B-AF4B-FB2F709B1D8B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A5CEFA79-F005-477F-B5B5-0E34A5CD21F3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A68C80CD-84CD-4411-AD0E-C214079B7596}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{A9329D06-F6D7-4880-8886-31D681131760}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A963DFC3-2F03-43C9-B758-45D4EF582E02}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{B04714C5-E93C-4779-BAC5-95DE3B0BC24B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{B068F8CE-E89F-4971-ADF4-0D1C59A7B0DA}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B132A689-FFD3-4693-842D-8CC7CA853E0C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{B274D054-5526-4362-BD58-E7EE041CB031}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{B3435E08-F493-4719-8A65-3276B7F309F1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B44FC895-6EF0-42C8-9DF5-280C235A6268}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{BC714F0F-F477-49CC-B44F-D697B5625C4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{BCB8F71E-F5A9-4FDE-8501-CC45419DE5D2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{BE98DBBA-BB40-4C32-8EB2-02D9762BA1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C01C611B-1047-4C2A-A60D-505806E6B697}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C068D891-1178-4FE7-BB4D-3A6FCBA9D592}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{C21742DC-ACB8-4CBE-822A-87626D18D9CC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{C40F7A58-92EA-438B-8D91-138E312F75DD}" = protocol=6 | dir=in | app=c:\users\arian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C42C1F48-F00B-4BDB-A28E-474E4D1BCD9A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{CB70BA9B-54B3-4F96-9912-D0B556933042}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{CCBCDB22-FB0B-4A58-9B40-DD0E363EC5C9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{CEA9CE3C-E7C6-403E-BE80-2BE8296C827D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CEEBCF99-B45C-419A-9DE3-F50CE8CBC830}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D209A119-5D58-45F9-BE83-12115021EE0E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe | 
"{D4D031A4-8B7B-456D-A4ED-99625DAAB39D}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{D5446439-65F8-428C-98C0-D1079F4FA5B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{D5E0CB67-06EA-4159-A962-2A0B6341A060}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{DA8222DE-D7FC-4368-898B-31345A44528C}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{DBA73136-CC06-4A11-A0EC-7337114D1E88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC6B3B3D-EA45-4166-8257-395DEEB52A3F}" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe | 
"{DE4C368E-7930-424D-9188-C8B2AF0AEE77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2D6DD53-024D-42C0-A94D-8EB4D2E32584}" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\{37e0e4c5-eb61-4713-8aaf-2cb47f67d7f3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{E2E2DB10-AD3B-47B8-BFE7-D9D75D6A06D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E6F85A16-4448-4C76-B9F4-3DC8BB484E10}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{E8132F37-B18B-49BA-80D3-B795756FD44E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{EBEDA74B-6B17-431D-9360-85477B23B19E}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe | 
"{EC118054-DA1D-46EF-9BDE-58EA7E133E9E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{F03AD1DE-8DCF-4A1E-BCC9-5567F4262A35}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F1CFE3F4-98A5-4D41-9202-0B96AD3523A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5DF856C-FB73-4D9B-B6B3-996257ED6285}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"{F6BB4F71-5528-4071-9E49-1E2ED1A549F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F7DC54EC-7365-459C-99EC-11370E75463D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{FE4A99DE-6776-41C3-9718-DF384A402887}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 3\onlinetv.exe | 
"TCP Query User{02D915B3-A094-4F99-9E52-3947AB6454FD}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | 
"TCP Query User{0643E886-A505-4B23-8930-28DE396436AA}C:\westwood\ar2\game.exe" = protocol=6 | dir=in | app=c:\westwood\ar2\game.exe | 
"TCP Query User{08BABBB3-F08B-4C3A-938D-1E4D4BCD1F32}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{0A209357-6A28-4E1D-B3B1-D0D3CD96AE09}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | 
"TCP Query User{1149F54B-5A76-4ED7-BDEA-AB85BED2C165}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{124D616D-BA1D-456C-A7FE-02FE0BABFCD0}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{1DCF370E-E346-4C7D-9A95-13F2CD800EA5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{2234A992-2466-4788-B3E7-419803A1B696}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | 
"TCP Query User{2BC616F3-CE1A-4F8A-964A-B9644EB84CFC}C:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe | 
"TCP Query User{2F66581C-28B5-48BA-B889-D6AD139C01D8}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | 
"TCP Query User{32616573-4D71-4E09-A62A-7C105EF2242D}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{33624005-6040-48CE-9C3F-92451AFF910E}C:\program files\anno 1602 königs-edition\1602.exe" = protocol=6 | dir=in | app=c:\program files\anno 1602 königs-edition\1602.exe | 
"TCP Query User{34070CD4-9F9E-45F0-B360-494B5199BBB6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3B3E930C-6F70-40E2-A426-E8FEAC8C0CBC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{3B99CD4A-0807-43CF-A5B5-8F7A15D22512}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{3C7914E5-6400-4839-A7A8-813ADE792FF7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{3CE24E1F-76D6-4FD1-90B7-6F0FCFAFE608}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"TCP Query User{3E9640C9-5524-4F47-8394-D7C228346015}C:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe" = protocol=6 | dir=in | app=c:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe | 
"TCP Query User{3FB9675A-6D74-4A00-8DA2-4A1762CD8760}C:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{4312E7C1-D3B0-4B07-ABBF-C6787A2C0525}C:\users\arian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\arian\program files\dna\btdna.exe | 
"TCP Query User{4A83E954-E830-48F7-A299-15720E31C98E}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{4BA33F9A-3F7D-4EFD-9E99-1E1FC33E405D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{4CBFFA5B-0CE9-4A61-B99B-9384247EC56E}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{4CCAEABA-280D-435C-9E68-6CD1B83D59E6}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{4E4B110C-7D35-4204-9442-88B2BFE29BBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{5671C86F-EFC7-40BC-A163-DC3E677ACC3D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{568A9489-E821-4ABF-AFF8-BCA5F901EEE1}C:\program files\langenscheidt t1 7_0\aborttranslation.exe" = protocol=6 | dir=in | app=c:\program files\langenscheidt t1 7_0\aborttranslation.exe | 
"TCP Query User{5919162A-E744-4C0F-A0FC-24A1BBAF9CE3}J:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=j:\spiele\age of empires ii\empires2.exe | 
"TCP Query User{599BA2C9-B34A-48A0-9C88-A4B0C3348FFA}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"TCP Query User{5A61E940-F9F5-46CB-B578-D622FE7E74B5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{5AE4B6AD-05D3-4C9A-870D-66D945EEA8E6}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | 
"TCP Query User{63C11F43-F545-4F62-A0CB-86B6FF6B5E23}C:\users\arian\stronghold\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\stronghold\stronghold crusader.exe | 
"TCP Query User{668A0ED0-CF47-4513-BA25-0DFA806E35F7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{69942273-68CF-4E72-BC2C-810EF19B5313}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{6A1A9746-5F27-4116-9A83-FEC36F834C8D}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"TCP Query User{6A7CE717-A242-402D-9789-5F9A2FF0E534}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{6D7382D7-560D-4B6E-837C-1602438F16B1}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | 
"TCP Query User{6F2E7F77-B9FB-47AB-A85B-63465F97D5F8}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{704AABC4-6D0F-4A77-A9D6-F462A88B95FB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{716219F3-FE4E-406A-BF90-26AF7BF65F65}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | 
"TCP Query User{734F1E92-2A06-4657-84E3-9D2B6EAA1D02}C:\users\arian\desktop\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\soldat\soldat.exe | 
"TCP Query User{73902273-9B85-4039-83EB-5E36E3FF9190}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{75C4F7F8-EC65-4D50-9B11-F0E712CF8B20}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"TCP Query User{84AC6EA1-5EBD-4562-B04F-D3585E541199}C:\program files\adac\accf2008_1\adac_browser.exe" = protocol=6 | dir=in | app=c:\program files\adac\accf2008_1\adac_browser.exe | 
"TCP Query User{8CA04C31-02D7-4956-A6F4-9F683CCC10ED}C:\westwood\ar2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ar2\gamemd.exe | 
"TCP Query User{8D86CCF2-D579-4FA7-BA76-02178D2F3FE5}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{90483ED8-BFBD-4BBB-BA16-C4F8D040C93A}J:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=j:\spiele\soldat\soldat.exe | 
"TCP Query User{99F567FB-9DFA-4ECA-B646-44BB75C9EC1E}C:\users\arian\desktop\dvd\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\soldat\soldat.exe | 
"TCP Query User{9D92CEDD-C003-4BB7-AF74-FBAD922BB495}C:\users\arian\desktop\dvd\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\dvd\flatout\flatout.exe | 
"TCP Query User{9E5F2389-3249-430D-8FA9-1621718C5498}C:\program files\lowratevoip\lowratevoip.exe" = protocol=6 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | 
"TCP Query User{A46F0E3C-5EFD-47DE-9F80-D45C80C0E47C}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"TCP Query User{A6921ED4-C45C-43E3-A0A4-307931B51B74}C:\users\arian\appdata\local\temp\rarsfx0\wwp.exe" = protocol=6 | dir=in | app=c:\users\arian\appdata\local\temp\rarsfx0\wwp.exe | 
"TCP Query User{A71916ED-297C-48E5-B1B7-88993BDF2EDF}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | 
"TCP Query User{B23749B6-AAB2-45C5-96C4-2EB7B48841EA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{BBEC21EA-48CE-43A6-9233-71EF3FB4746D}C:\users\arian\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\age of empires ii\empires2.exe | 
"TCP Query User{BC83967B-398D-42C0-A258-1EBE9DB90431}I:\gedöhns\flatout\flatout.exe" = protocol=6 | dir=in | app=i:\gedöhns\flatout\flatout.exe | 
"TCP Query User{BE3AA8E4-47D9-41C0-BA56-34EBDD401AFD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{BEEA3E62-A12E-41C7-9C1F-DB6F61636CB3}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{C0EED9DA-80C5-4E2B-B775-DCD33ED1A6CE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{C14C1D09-6051-4C2F-B27F-A01A42B97C01}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{C5CF81DA-22C5-4D1E-B92F-829E011407AA}C:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{C85A5620-CE07-468C-8436-558A91C77C30}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{CC95269B-7CE3-43BE-AA52-116376B6CFA7}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"TCP Query User{CD031F30-55EE-4689-944A-7EA7BC1E6857}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CD57761A-2295-4362-A1F1-137D336C8638}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{CD6CCEFB-4C63-47A3-A1B8-B9E9743D9B65}C:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe" = protocol=6 | dir=in | app=c:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe | 
"TCP Query User{CE2ED6D6-FF79-4631-98EF-C4BF47E9F596}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D0E9315A-575B-4574-94E1-B83BFF4A97F4}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe | 
"TCP Query User{D18AE4D5-2845-4440-9772-8D816477147A}C:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3.exe | 
"TCP Query User{D3EBAD0D-9DC0-4F82-8612-1C3C47D9DB10}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{DD7A9CBB-99DD-47F9-AA46-288BFFA7259F}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | 
"TCP Query User{DD93E360-10D4-4AE1-8530-B37090B36FAF}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E24CA77A-70CB-468F-B390-672F5E895BF2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{E443FA98-DF61-488B-B7F9-5C3A828D66F2}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{F0E91746-7AC0-4933-B414-169F29576BCE}C:\users\arian\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\users\arian\soldat\soldat.exe | 
"TCP Query User{F726E091-6E6C-4377-ACB8-5359C216E94C}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | 
"TCP Query User{F8C24041-C40F-41C6-AB3B-A767B90F2945}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{042D5AF2-0257-4325-8EB3-EA6D54F73E92}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"UDP Query User{06559BB2-0592-4FDB-B500-791509BBD3E2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{0B1F1E02-463E-4300-B1AB-891A60B4E3CA}J:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=j:\spiele\age of empires ii\empires2.exe | 
"UDP Query User{0BEE9CD1-110B-4192-AAFF-48211D6F2907}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe | 
"UDP Query User{0C22C145-8C44-4875-A7F9-18DAE8EF5D82}C:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe" = protocol=17 | dir=in | app=c:\program files\langenscheidt t1 7_0\stdalone\mt_alone.exe | 
"UDP Query User{0E015D25-B2FB-4CDB-B353-19DC751E4844}C:\users\arian\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\soldat\soldat.exe | 
"UDP Query User{1566EE6C-010A-438F-A3B9-DC5930A51272}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{17F5B8C9-07AC-4A4A-87B5-004A6548F95D}C:\users\arian\appdata\local\temp\rarsfx0\wwp.exe" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\rarsfx0\wwp.exe | 
"UDP Query User{185E5CCC-B18E-4C45-8B61-0E61A81D50A3}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{20B9A5DC-250A-49A6-B13E-BEBC41D6DB72}C:\program files\adac\accf2008_1\adac_browser.exe" = protocol=17 | dir=in | app=c:\program files\adac\accf2008_1\adac_browser.exe | 
"UDP Query User{20D3CAE9-BB50-4721-92AB-9E6DBBDF7BCF}I:\gedöhns\flatout\flatout.exe" = protocol=17 | dir=in | app=i:\gedöhns\flatout\flatout.exe | 
"UDP Query User{250935A6-7862-4401-BDA8-A7B152D5F17A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{297C18CB-555B-4CF0-9BF8-38B75A72016D}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{299C19F3-0ECA-46B7-9E4C-C89EC7DE55F2}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{2AC3A7F5-AE81-4B7A-A582-0F06EEC52EF2}C:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\stronghold crusader\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{2DE2400D-5AD4-483A-BE3B-7F69B037799B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{3527D317-6136-4554-91CA-E38F7DF706C4}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | 
"UDP Query User{357D63FF-7AE7-4E0C-9CC9-F07F2157BA55}C:\program files\langenscheidt t1 7_0\aborttranslation.exe" = protocol=17 | dir=in | app=c:\program files\langenscheidt t1 7_0\aborttranslation.exe | 
"UDP Query User{35A4E9F9-8B76-4277-81F3-DE5A023DB98A}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{36A43996-ED1A-4373-8D1A-7F67F57B1224}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"UDP Query User{39BBEB38-D1C1-49ED-8BA9-7A6BA02FC2E5}C:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\stronghold crusader\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{39CC69D7-7FA1-43C6-BE06-09F8F178519F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{3A5EE414-12F8-4602-A439-60CA26F71CAB}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | 
"UDP Query User{3EFF0E46-0DB3-4992-8171-39BDF40C4554}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{4121EAFB-ED15-4BE6-B80E-003AD41A673B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{41AB180B-5973-4961-A6A1-DA2FFC4F960D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{48151368-A4DA-4DF6-9A9F-0BA990F24602}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{4A18A766-B259-4793-8C2E-166A2E87D800}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4E58AAB5-813B-4A1B-8AB5-B31453935D8F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{5C6521DC-2854-43A3-ADFF-F6D0E0EB06D7}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | 
"UDP Query User{682A58DA-5D5D-4E0F-A89A-48079A821785}C:\users\arian\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\age of empires ii\empires2.exe | 
"UDP Query User{689C4798-0043-4D6F-8964-682B494A4132}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{6A4D68B2-0B06-4A8E-A76C-04E27F7ABB1B}C:\program files\lowratevoip\lowratevoip.exe" = protocol=17 | dir=in | app=c:\program files\lowratevoip\lowratevoip.exe | 
"UDP Query User{6A88FC7F-58FD-400A-AE47-ACB23D620A06}C:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\battlefield 1942 an nusder (nusder)\battlefield 1942 an nusder (nusder)\bf1942.exe | 
"UDP Query User{6B2E8521-1B32-4681-8F49-CE354FA98AE1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{75275D05-C34A-4FB9-B69B-3DCB5D0FE186}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{7EC523E7-57E5-4996-B55D-F89B5B6152F8}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | 
"UDP Query User{83DC567A-2390-4779-8068-51C6FCE66F02}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{88804C8B-7BBE-49FC-AFD4-3DA5898B0F6F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{8BCB0D9B-0299-47C6-9A14-5507637D0E80}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{9101CE38-72F2-4E86-BB80-83B43FA6F51B}C:\users\arian\desktop\dvd\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\age of empires ii\empires2.exe | 
"UDP Query User{94F52F6B-E72C-4BAF-AE66-805C403AFA28}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"UDP Query User{968D18E6-D78C-476C-B14C-233A067C0362}C:\users\arian\desktop\dvd\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\soldat\soldat.exe | 
"UDP Query User{9E8B6A95-F584-4855-B8E4-34194BF9BD35}C:\users\arian\stronghold\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\arian\stronghold\stronghold crusader.exe | 
"UDP Query User{A1240E19-BD6A-456B-8903-094FA3E17C25}C:\users\arian\desktop\dvd\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\dvd\flatout\flatout.exe | 
"UDP Query User{A1B68938-13FF-4443-AF8B-D4253138037B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A4856D1E-6983-40A0-A4AC-89411FB0D738}C:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3.exe | 
"UDP Query User{A7F9A935-C31A-4716-A4DE-54B7B0AFB5D0}J:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=j:\spiele\soldat\soldat.exe | 
"UDP Query User{AD228DBF-82F3-48D1-8793-04EC7C4FE284}C:\westwood\ar2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ar2\gamemd.exe | 
"UDP Query User{AD89952D-3211-4281-9053-D1B5A1F6FE5C}C:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{AF5AA539-295D-4966-8BFC-8EE87AA24104}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | 
"UDP Query User{B0B722E5-0272-44F4-93DA-5517564CC870}E:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\medizinbücher\virtual\stubexe\8.0.1135\@programfiles@\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{B60C3133-36F4-45C9-A6EF-86F3233713A6}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | 
"UDP Query User{B722E867-629C-42BA-946E-271A296F483B}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{B9661A1B-1536-42BD-9321-2D0A0D18944E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BA7CF065-D313-450A-BAC6-5BFD116B120F}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{BD36C37C-88A0-43A8-BABA-5BE19E379C85}C:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe" = protocol=17 | dir=in | app=c:\users\arian\appdata\local\temp\4000002d500070d45b7622\starcraft.exe | 
"UDP Query User{BE755B45-B3F9-4F0F-84A8-9AFED3BCC27A}C:\users\arian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\arian\program files\dna\btdna.exe | 
"UDP Query User{BF12580F-0931-477E-8EE1-203CDC24D177}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C29F36E3-680B-4A29-B986-46276014154A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | 
"UDP Query User{CB9B1820-0F85-4009-B12C-54ECA68E402F}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe | 
"UDP Query User{D77BA0B7-01A9-4A55-8578-3983D13CCC10}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{D84E6408-9F45-43B4-854C-A8412A75478A}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe | 
"UDP Query User{DE5B24BE-C358-4060-973F-BB8EA700D078}C:\program files\anno 1602 königs-edition\1602.exe" = protocol=17 | dir=in | app=c:\program files\anno 1602 königs-edition\1602.exe | 
"UDP Query User{DFCC2991-B6F7-4FCC-A9C7-4CB28F2D6EF4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E3A2BCC9-9723-4DE1-AADB-4823A0CA5E6A}C:\westwood\ar2\game.exe" = protocol=17 | dir=in | app=c:\westwood\ar2\game.exe | 
"UDP Query User{E41111DE-94EA-4D42-B91F-8CE7201C3B24}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{EA375A9A-5176-451A-8D6F-4E0AF5DE2ED6}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | 
"UDP Query User{ECEE502A-A8CF-4A3B-91E3-DBA14E1FD16A}C:\users\arian\desktop\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\users\arian\desktop\soldat\soldat.exe | 
"UDP Query User{EED2EFFC-82D3-48F2-B460-FCDE7CBE8A96}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{F2F6BDDD-9586-4101-AD0C-0395CD1A8415}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F56FC22B-8C39-4AC1-B6F1-FFE5BA20B20C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{F5757CB9-6BAE-4F0E-851C-5ABC3833B618}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe | 
"UDP Query User{FA2DAADC-32C6-4024-89A1-83E6C5EA102B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{FAF1E669-B799-43D9-9CEB-B0BE45F6958D}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{FD0EB518-A3FC-4FC1-ABBF-B934CA60A1DE}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{FF6B6E86-CB0E-4322-B5C9-5835FF8634AC}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CFA9674-2EF7-464A-A0BE-E8208263C0BF}" = Hammerexamen 0411
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D40CBCF-8437-4CBD-88DF-A25927539486}" = Camtasia Studio 8
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96F0EF0A-5852-470D-94AD-6F39DD51C3D4}" = NI LabWindows/CVI 7.1 Run Time Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C012BF9F-79EA-4601-9778-BFE9B3CE83A1}" = hpg3010QFolder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis*True*Image*WD*Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE10CFE5-FA4B-4D01-B587-7EBB77505C7E}" = 3M Littmann Introduction to Heart Sounds
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010
"{E5967BD4-7519-47B9-AEB8-48EE4782FD2A}" = Tacx Trainer software
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.29
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 610] [2006-12-01]
"FLV Player" = FLV Player 2.0 (build 25)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Google Updater" = Google Updater
"Hactronic_is1" = Hactronic 2.02
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"ImgBurn" = ImgBurn
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LowRateVoip_is1" = LowRateVoip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mendeley Desktop" = Mendeley Desktop 0.9.9.2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nike+ Connect" = Nike+ Connect
"NVIDIA Drivers" = NVIDIA Drivers
"RocketDock_is1" = RocketDock 1.3.5
"SopCast" = SopCast 3.4.7
"Steam App 34000" = Football Manager 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tacx Trainer software" = Tacx Trainer software
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.2
"Walter de Gruyter Pschyrembel" = Walter de Gruyter - Pschyrembel
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2617123096-2108651821-2447131207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.3.0.1009
"Sansa Updater" = Sansa Updater
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.10.2012 06:01:47 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5263302
 
Error - 26.10.2012 06:01:47 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5263302
 
Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5264379
 
Error - 26.10.2012 06:01:48 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5264379
 
Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5265471
 
Error - 26.10.2012 06:01:49 | Computer Name = VW | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5265471
 
Error - 26.10.2012 08:36:38 | Computer Name = VW | Source = VSS | ID = 8194
Description = 
 
Error - 26.10.2012 09:51:39 | Computer Name = VW | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6662.5003 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: eb4  Anfangszeit: 01cdb380c747b8b2  Zeitpunkt
 der Beendigung: 179
 
[ Media Center Events ]
Error - 17.04.2008 13:20:50 | Computer Name = w | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 11.02.2012 03:45:37 | Computer Name = VW | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 02/11/2012 08:45:36
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ OSession Events ]
Error - 30.05.2008 13:25:34 | Computer Name = w | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.07.2009 12:40:53 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 21.09.2009 06:04:26 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.12.2009 09:09:43 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 04:17:05 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2010 05:57:06 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1186
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.09.2010 14:07:56 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 296
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 04.07.2011 04:34:06 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 590
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.07.2011 15:40:28 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 90
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2011 06:26:41 | Computer Name = VW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.10.2012 08:48:58 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.10.2012 08:49:00 | Computer Name = VW | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.10.2012 08:49:32 | Computer Name = VW | Source = DCOM | ID = 10005
Description = 
 
Error - 26.10.2012 08:49:47 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.10.2012 08:52:19 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.10.2012 11:01:52 | Computer Name = VW | Source = DCOM | ID = 10000
Description = 
 
Error - 26.10.2012 11:02:14 | Computer Name = VW | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.10.2012 11:02:14 | Computer Name = VW | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.10.2012 11:05:12 | Computer Name = VW | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.10.2012 11:07:20 | Computer Name = VW | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.11 für die Netzwerkkarte mit der Netzwerkadresse
 0019D2BC5471 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         
--- --- ---

Old 26.10.2012, 22:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 27.10.2012, 13:03   #15
Horstmann
 

Hello Cosinus, thanks again for going to so much trouble. I ran the scan with Malwarebytes and am attaching the logfile. The ESET scan is still running, but it already shows 7 detections, whereas Malwarebytes showed nothing. As soon as the scan is finished I will also post the logfile from the ESET Online Scanner!
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Arian :: VW [Administrator]

Schutz: Aktiviert

27.10.2012 09:42:08
mbam-log-2012-10-27 (09-42-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241753
Laufzeit: 11 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the logfile from the ESET Online Scanner. During the run, 7 detections were shown (mostly trojans).
Code:
ATTFilter
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
         
