Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.12.2012, 19:19   #1
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hi liebes Trojaner-Board! Ich bin neu hier aber ich werd mir Mühe geben ein angenehmer Neuling zu sein
Ich hab auf meinem Rechner gestern so einen GVU-Trojaner gefunden. Hat mir alles gesperrt, aber ich konnte noch das Benutzerkonto wechseln. Vom anderen Konto aus hab ich Malwarebytes drüber gehaun und schwupps wars auf dem anderen Konto wieder weg. Das erschien mir alles zu einfach und deshalb fänd ichs toll wenn mal wer, der ein wenig mehr Ahnung hat als ich sich das ansehen könnte. Danke im Vorraus

Habe nachdem ich hier im Forum ein bischen was über diesen Trojaner gelesen habe, aswMBR drüber laufen lassen, habe aber nichts gefixt. Hier der Log:
Zitat:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-12 18:35:58
-----------------------------
18:35:58.315 OS Version: Windows x64 6.1.7601 Service Pack 1
18:35:58.315 Number of processors: 4 586 0x2505
18:35:58.315 ComputerName: CAROSPC UserName: Benni
18:35:59.657 Initialize success
18:36:05.460 AVAST engine defs: 12121200
18:36:07.971 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:36:07.971 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
18:36:08.049 Disk 0 MBR read successfully
18:36:08.049 Disk 0 MBR scan
18:36:08.049 Disk 0 Windows 7 default MBR code
18:36:08.081 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22000 MB offset 64
18:36:08.143 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119235 MB offset 45056064
18:36:08.143 Disk 0 Partition - 00 0F Extended LBA 335703 MB offset 289251328
18:36:08.174 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 335702 MB offset 289253376
18:36:08.283 Disk 0 scanning C:\Windows\system32\drivers
18:36:36.847 Service scanning
18:36:59.935 Modules scanning
18:36:59.935 Disk 0 trace - called modules:
18:37:00.013 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:37:00.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7a060]
18:37:00.013 3 CLASSPNP.SYS[fffff88001b7e43f] -> nt!IofCallDriver -> [0xfffffa80049b8470]
18:37:00.029 5 ACPI.sys[fffff88000f0e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049bc050]
18:37:01.011 AVAST engine scan C:\Windows
18:37:15.036 AVAST engine scan C:\Windows\system32
18:40:24.046 AVAST engine scan C:\Windows\system32\drivers
18:40:39.069 AVAST engine scan C:\Users\Benni
18:44:52.195 AVAST engine scan C:\ProgramData
18:54:45.588 Scan finished successfully
18:57:28.500 Disk 0 MBR has been saved successfully to "C:\Users\Benni\Desktop\MBR.dat"
18:57:28.515 The log file has been saved successfully to "C:\Users\Benni\Desktop\aswMBR1log.txt"
Habe dann noch tdss killer laufen lassen, alles geskipt, hier der Log:

Zitat:
18:57:39.0240 3780 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:57:39.0427 3780 ============================================================
18:57:39.0427 3780 Current date / time: 2012/12/12 18:57:39.0427
18:57:39.0427 3780 SystemInfo:
18:57:39.0427 3780
18:57:39.0427 3780 OS Version: 6.1.7601 ServicePack: 1.0
18:57:39.0427 3780 Product type: Workstation
18:57:39.0427 3780 ComputerName: CAROSPC
18:57:39.0427 3780 UserName: Benni
18:57:39.0427 3780 Windows directory: C:\Windows
18:57:39.0427 3780 System windows directory: C:\Windows
18:57:39.0427 3780 Running under WOW64
18:57:39.0427 3780 Processor architecture: Intel x64
18:57:39.0427 3780 Number of processors: 4
18:57:39.0427 3780 Page size: 0x1000
18:57:39.0427 3780 Boot type: Normal boot
18:57:39.0427 3780 ============================================================
18:57:39.0926 3780 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:57:40.0035 3780 ============================================================
18:57:40.0035 3780 \Device\Harddisk0\DR0:
18:57:40.0035 3780 MBR partitions:
18:57:40.0035 3780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF8040, BlocksNum 0xE8E1800
18:57:40.0051 3780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x113DA800, BlocksNum 0x28FAB000
18:57:40.0051 3780 ============================================================
18:57:40.0098 3780 C: <-> \Device\Harddisk0\DR0\Partition1
18:57:40.0144 3780 D: <-> \Device\Harddisk0\DR0\Partition2
18:57:40.0144 3780 ============================================================
18:57:40.0144 3780 Initialize success
18:57:40.0144 3780 ============================================================
18:57:50.0518 1268 ============================================================
18:57:50.0518 1268 Scan started
18:57:50.0518 1268 Mode: Manual; SigCheck; TDLFS;
18:57:50.0518 1268 ============================================================
18:57:50.0940 1268 ================ Scan system memory ========================
18:57:50.0940 1268 System memory - ok
18:57:50.0940 1268 ================ Scan services =============================
18:57:51.0127 1268 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:57:51.0174 1268 1394ohci - ok
18:57:51.0205 1268 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:57:51.0220 1268 ACPI - ok
18:57:51.0252 1268 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:57:51.0267 1268 AcpiPmi - ok
18:57:51.0376 1268 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:57:51.0376 1268 AdobeARMservice - ok
18:57:51.0439 1268 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:57:51.0454 1268 adp94xx - ok
18:57:51.0486 1268 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:57:51.0501 1268 adpahci - ok
18:57:51.0532 1268 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:57:51.0532 1268 adpu320 - ok
18:57:51.0610 1268 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
18:57:51.0626 1268 ADSMService ( UnsignedFile.Multi.Generic ) - warning
18:57:51.0626 1268 ADSMService - detected UnsignedFile.Multi.Generic (1)
18:57:51.0642 1268 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:57:51.0673 1268 AeLookupSvc - ok
18:57:51.0704 1268 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe
18:57:51.0720 1268 AFBAgent - ok
18:57:51.0766 1268 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:57:51.0782 1268 AFD - ok
18:57:51.0829 1268 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:57:51.0829 1268 agp440 - ok
18:57:51.0876 1268 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:57:51.0891 1268 ALG - ok
18:57:51.0907 1268 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:57:51.0922 1268 aliide - ok
18:57:51.0954 1268 [ 4DC67E735CF6FF48C0AA65ADDD9ED02B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:57:51.0969 1268 AMD External Events Utility - ok
18:57:51.0985 1268 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:57:52.0000 1268 amdide - ok
18:57:52.0032 1268 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:57:52.0047 1268 AmdK8 - ok
18:57:52.0203 1268 [ 83CE9DBEB00232195C55CA1A71EC4626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:57:52.0312 1268 amdkmdag - ok
18:57:52.0344 1268 [ EDE53A9C875A1FB6281A8D25F56CCD72 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:57:52.0344 1268 amdkmdap - ok
18:57:52.0375 1268 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:57:52.0390 1268 AmdPPM - ok
18:57:52.0406 1268 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:57:52.0422 1268 amdsata - ok
18:57:52.0453 1268 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:57:52.0468 1268 amdsbs - ok
18:57:52.0484 1268 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:57:52.0484 1268 amdxata - ok
18:57:52.0578 1268 [ A122D68EA2541453F787F341877CB40B ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:57:52.0578 1268 AntiVirSchedulerService - ok
18:57:52.0624 1268 [ 2FE359EDEB34EFCF42574752F8AEBD3F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:57:52.0640 1268 AntiVirService - ok
18:57:52.0671 1268 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:57:52.0718 1268 AppID - ok
18:57:52.0749 1268 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:57:52.0780 1268 AppIDSvc - ok
18:57:52.0812 1268 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:57:52.0843 1268 Appinfo - ok
18:57:52.0890 1268 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:57:52.0905 1268 arc - ok
18:57:52.0921 1268 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:57:52.0936 1268 arcsas - ok
18:57:52.0952 1268 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
18:57:52.0952 1268 AsDsm - ok
18:57:53.0030 1268 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:57:53.0046 1268 ASLDRService - ok
18:57:53.0046 1268 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:57:53.0061 1268 ASMMAP64 - ok
18:57:53.0155 1268 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:57:53.0170 1268 aspnet_state - ok
18:57:53.0186 1268 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:57:53.0217 1268 AsyncMac - ok
18:57:53.0248 1268 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:57:53.0264 1268 atapi - ok
18:57:53.0326 1268 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:57:53.0436 1268 athr - ok
18:57:53.0514 1268 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:57:53.0514 1268 AtiHDAudioService - ok
18:57:53.0529 1268 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:57:53.0545 1268 ATKGFNEXSrv - ok
18:57:53.0576 1268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:57:53.0623 1268 AudioEndpointBuilder - ok
18:57:53.0623 1268 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:57:53.0670 1268 AudioSrv - ok
18:57:53.0716 1268 [ AA8F79A1BDFC03B3BC70C44AB00589B4 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:57:53.0732 1268 avgntflt - ok
18:57:53.0763 1268 [ 852E3C0A60D368C487949E55AD52A47F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:57:53.0779 1268 avipbb - ok
18:57:53.0794 1268 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:57:53.0810 1268 avkmgr - ok
18:57:53.0841 1268 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:57:53.0872 1268 AxInstSV - ok
18:57:53.0904 1268 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:57:53.0935 1268 b06bdrv - ok
18:57:53.0966 1268 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:57:53.0997 1268 b57nd60a - ok
18:57:54.0044 1268 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:57:54.0060 1268 BDESVC - ok
18:57:54.0091 1268 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:57:54.0122 1268 Beep - ok
18:57:54.0169 1268 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:57:54.0216 1268 BFE - ok
18:57:54.0247 1268 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:57:54.0309 1268 BITS - ok
18:57:54.0340 1268 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:57:54.0356 1268 blbdrive - ok
18:57:54.0387 1268 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:57:54.0418 1268 bowser - ok
18:57:54.0450 1268 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:57:54.0465 1268 BrFiltLo - ok
18:57:54.0465 1268 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:57:54.0496 1268 BrFiltUp - ok
18:57:54.0528 1268 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:57:54.0543 1268 Browser - ok
18:57:54.0559 1268 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:57:54.0574 1268 Brserid - ok
18:57:54.0590 1268 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:57:54.0606 1268 BrSerWdm - ok
18:57:54.0621 1268 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:57:54.0637 1268 BrUsbMdm - ok
18:57:54.0637 1268 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:57:54.0652 1268 BrUsbSer - ok
18:57:54.0668 1268 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:57:54.0684 1268 BTHMODEM - ok
18:57:54.0715 1268 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:57:54.0762 1268 bthserv - ok
18:57:54.0762 1268 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:57:54.0808 1268 cdfs - ok
18:57:54.0855 1268 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:57:54.0871 1268 cdrom - ok
18:57:54.0918 1268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:57:54.0949 1268 CertPropSvc - ok
18:57:54.0964 1268 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:57:54.0980 1268 circlass - ok
18:57:55.0011 1268 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:57:55.0027 1268 CLFS - ok
18:57:55.0105 1268 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:57:55.0120 1268 clr_optimization_v2.0.50727_32 - ok
18:57:55.0167 1268 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:57:55.0183 1268 clr_optimization_v2.0.50727_64 - ok
18:57:55.0245 1268 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:57:55.0245 1268 clr_optimization_v4.0.30319_32 - ok
18:57:55.0276 1268 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:57:55.0292 1268 clr_optimization_v4.0.30319_64 - ok
18:57:55.0323 1268 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:57:55.0339 1268 CmBatt - ok
18:57:55.0354 1268 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:57:55.0370 1268 cmdide - ok
18:57:55.0417 1268 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:57:55.0432 1268 CNG - ok
18:57:55.0479 1268 [ 1D6C3F92AF23E352875438085F6AEDEE ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:57:55.0510 1268 CnxtHdAudService - ok
18:57:55.0557 1268 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:57:55.0573 1268 Compbatt - ok
18:57:55.0604 1268 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:57:55.0620 1268 CompositeBus - ok
18:57:55.0635 1268 COMSysApp - ok
18:57:55.0651 1268 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:57:55.0666 1268 crcdisk - ok
18:57:55.0698 1268 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:57:55.0729 1268 CryptSvc - ok
18:57:55.0760 1268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:57:55.0791 1268 DcomLaunch - ok
18:57:55.0822 1268 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:57:55.0869 1268 defragsvc - ok
18:57:55.0885 1268 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:57:55.0916 1268 DfsC - ok
18:57:55.0947 1268 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:57:55.0963 1268 Dhcp - ok
18:57:55.0994 1268 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:57:56.0025 1268 discache - ok
18:57:56.0072 1268 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:57:56.0072 1268 Disk - ok
18:57:56.0119 1268 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:57:56.0134 1268 Dnscache - ok
18:57:56.0150 1268 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:57:56.0197 1268 dot3svc - ok
18:57:56.0212 1268 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:57:56.0259 1268 DPS - ok
18:57:56.0275 1268 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:57:56.0290 1268 drmkaud - ok
18:57:56.0337 1268 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:57:56.0384 1268 DXGKrnl - ok
18:57:56.0415 1268 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:57:56.0446 1268 EapHost - ok
18:57:56.0524 1268 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:57:56.0618 1268 ebdrv - ok
18:57:56.0665 1268 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:57:56.0696 1268 EFS - ok
18:57:56.0743 1268 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:57:56.0774 1268 ehRecvr - ok
18:57:56.0805 1268 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:57:56.0821 1268 ehSched - ok
18:57:56.0868 1268 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:57:56.0899 1268 elxstor - ok
18:57:56.0914 1268 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:57:56.0930 1268 ErrDev - ok
18:57:56.0977 1268 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
18:57:56.0977 1268 ETD - ok
18:57:57.0008 1268 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:57:57.0055 1268 EventSystem - ok
18:57:57.0086 1268 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:57:57.0117 1268 exfat - ok
18:57:57.0148 1268 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:57:57.0180 1268 fastfat - ok
18:57:57.0226 1268 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:57:57.0258 1268 Fax - ok
18:57:57.0273 1268 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:57:57.0289 1268 fdc - ok
18:57:57.0304 1268 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:57:57.0336 1268 fdPHost - ok
18:57:57.0367 1268 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:57:57.0398 1268 FDResPub - ok
18:57:57.0429 1268 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:57:57.0445 1268 FileInfo - ok
18:57:57.0460 1268 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:57:57.0492 1268 Filetrace - ok
18:57:57.0523 1268 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:57:57.0523 1268 flpydisk - ok
18:57:57.0554 1268 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:57:57.0570 1268 FltMgr - ok
18:57:57.0601 1268 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:57:57.0663 1268 FontCache - ok
18:57:57.0710 1268 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:57:57.0710 1268 FontCache3.0.0.0 - ok
18:57:57.0741 1268 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:57:57.0757 1268 FsDepends - ok
18:57:57.0772 1268 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:57:57.0788 1268 fssfltr - ok
18:57:57.0866 1268 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:57:57.0913 1268 fsssvc - ok
18:57:57.0944 1268 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:57:57.0960 1268 Fs_Rec - ok
18:57:57.0991 1268 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:57:58.0006 1268 fvevol - ok
18:57:58.0038 1268 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:57:58.0038 1268 gagp30kx - ok
18:57:58.0084 1268 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:57:58.0131 1268 gpsvc - ok
18:57:58.0147 1268 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:57:58.0162 1268 hcw85cir - ok
18:57:58.0209 1268 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:57:58.0240 1268 HdAudAddService - ok
18:57:58.0256 1268 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:57:58.0272 1268 HDAudBus - ok
18:57:58.0287 1268 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:57:58.0303 1268 HECIx64 - ok
18:57:58.0303 1268 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:57:58.0318 1268 HidBatt - ok
18:57:58.0350 1268 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:57:58.0365 1268 HidBth - ok
18:57:58.0396 1268 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:57:58.0412 1268 HidIr - ok
18:57:58.0428 1268 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:57:58.0474 1268 hidserv - ok
18:57:58.0506 1268 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:57:58.0521 1268 HidUsb - ok
18:57:58.0537 1268 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:57:58.0568 1268 hkmsvc - ok
18:57:58.0599 1268 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:57:58.0615 1268 HomeGroupListener - ok
18:57:58.0646 1268 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:57:58.0662 1268 HomeGroupProvider - ok
18:57:58.0708 1268 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:57:58.0708 1268 HpSAMD - ok
18:57:58.0755 1268 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:57:58.0786 1268 HTTP - ok
18:57:58.0833 1268 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:57:58.0849 1268 hwdatacard - ok
18:57:58.0880 1268 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:57:58.0896 1268 hwpolicy - ok
18:57:58.0942 1268 [ E0C7255498640FC64B19AAE17FD6F965 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
18:57:58.0974 1268 hwusbdev - ok
18:57:58.0989 1268 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:57:59.0005 1268 i8042prt - ok
18:57:59.0036 1268 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:57:59.0052 1268 iaStor - ok
18:57:59.0083 1268 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:57:59.0098 1268 iaStorV - ok
18:57:59.0161 1268 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:57:59.0208 1268 idsvc - ok
18:57:59.0223 1268 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:57:59.0239 1268 iirsp - ok
18:57:59.0270 1268 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:57:59.0332 1268 IKEEXT - ok
18:57:59.0364 1268 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:57:59.0395 1268 Impcd - ok
18:57:59.0410 1268 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:57:59.0426 1268 intelide - ok
18:57:59.0457 1268 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:57:59.0473 1268 intelppm - ok
18:57:59.0504 1268 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:57:59.0551 1268 IPBusEnum - ok
18:57:59.0566 1268 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:57:59.0598 1268 IpFilterDriver - ok
18:57:59.0629 1268 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:57:59.0660 1268 iphlpsvc - ok
18:57:59.0676 1268 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:57:59.0691 1268 IPMIDRV - ok
18:57:59.0722 1268 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:57:59.0754 1268 IPNAT - ok
18:57:59.0769 1268 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:57:59.0785 1268 IRENUM - ok
18:57:59.0800 1268 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:57:59.0816 1268 isapnp - ok
18:57:59.0847 1268 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:57:59.0863 1268 iScsiPrt - ok
18:57:59.0894 1268 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:57:59.0910 1268 JMCR - ok
18:57:59.0941 1268 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys
18:57:59.0941 1268 JME - ok
18:57:59.0956 1268 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:57:59.0972 1268 kbdclass - ok
18:57:59.0988 1268 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:58:00.0003 1268 kbdhid - ok
18:58:00.0034 1268 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
18:58:00.0034 1268 kbfiltr - ok
18:58:00.0066 1268 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:58:00.0081 1268 KeyIso - ok
18:58:00.0112 1268 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:58:00.0112 1268 KSecDD - ok
18:58:00.0144 1268 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:58:00.0159 1268 KSecPkg - ok
18:58:00.0175 1268 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:58:00.0222 1268 ksthunk - ok
18:58:00.0237 1268 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:58:00.0284 1268 KtmRm - ok
18:58:00.0315 1268 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:58:00.0362 1268 LanmanServer - ok
18:58:00.0393 1268 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:58:00.0424 1268 LanmanWorkstation - ok
18:58:00.0456 1268 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:58:00.0487 1268 lltdio - ok
18:58:00.0534 1268 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:58:00.0565 1268 lltdsvc - ok
18:58:00.0580 1268 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:58:00.0627 1268 lmhosts - ok
18:58:00.0705 1268 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:58:00.0705 1268 LMS ( UnsignedFile.Multi.Generic ) - warning
18:58:00.0705 1268 LMS - detected UnsignedFile.Multi.Generic (1)
18:58:00.0768 1268 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:58:00.0783 1268 LSI_FC - ok
18:58:00.0799 1268 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:58:00.0799 1268 LSI_SAS - ok
18:58:00.0814 1268 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:58:00.0830 1268 LSI_SAS2 - ok
18:58:00.0846 1268 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:58:00.0861 1268 LSI_SCSI - ok
18:58:00.0877 1268 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:58:00.0924 1268 luafv - ok
18:58:00.0939 1268 lxdn_device - ok
18:58:00.0970 1268 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
18:58:01.0002 1268 ManyCam - ok
18:58:01.0033 1268 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:58:01.0048 1268 Mcx2Svc - ok
18:58:01.0064 1268 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:58:01.0064 1268 megasas - ok
18:58:01.0095 1268 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:58:01.0111 1268 MegaSR - ok
18:58:01.0142 1268 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:58:01.0189 1268 MMCSS - ok
18:58:01.0220 1268 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:58:01.0251 1268 Modem - ok
18:58:01.0267 1268 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:58:01.0282 1268 monitor - ok
18:58:01.0329 1268 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:58:01.0329 1268 mouclass - ok
18:58:01.0360 1268 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:58:01.0376 1268 mouhid - ok
18:58:01.0407 1268 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:58:01.0407 1268 mountmgr - ok
18:58:01.0470 1268 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:58:01.0470 1268 MozillaMaintenance - ok
18:58:01.0501 1268 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:58:01.0516 1268 mpio - ok
18:58:01.0532 1268 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:58:01.0563 1268 mpsdrv - ok
18:58:01.0610 1268 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:58:01.0657 1268 MpsSvc - ok
18:58:01.0688 1268 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:58:01.0704 1268 MRxDAV - ok
18:58:01.0735 1268 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:58:01.0750 1268 mrxsmb - ok
18:58:01.0782 1268 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:58:01.0797 1268 mrxsmb10 - ok
18:58:01.0844 1268 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:58:01.0860 1268 mrxsmb20 - ok
18:58:01.0891 1268 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:58:01.0891 1268 msahci - ok
18:58:01.0922 1268 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:58:01.0938 1268 msdsm - ok
18:58:01.0953 1268 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:58:01.0969 1268 MSDTC - ok
18:58:02.0000 1268 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:58:02.0031 1268 Msfs - ok
18:58:02.0047 1268 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:58:02.0078 1268 mshidkmdf - ok
18:58:02.0094 1268 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:58:02.0109 1268 msisadrv - ok
18:58:02.0156 1268 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:58:02.0187 1268 MSiSCSI - ok
18:58:02.0187 1268 msiserver - ok
18:58:02.0218 1268 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:58:02.0265 1268 MSKSSRV - ok
18:58:02.0265 1268 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:58:02.0312 1268 MSPCLOCK - ok
18:58:02.0328 1268 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:58:02.0359 1268 MSPQM - ok
18:58:02.0390 1268 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:58:02.0406 1268 MsRPC - ok
18:58:02.0437 1268 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:58:02.0437 1268 mssmbios - ok
18:58:02.0452 1268 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:58:02.0484 1268 MSTEE - ok
18:58:02.0499 1268 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:58:02.0515 1268 MTConfig - ok
18:58:02.0546 1268 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
18:58:02.0562 1268 MTsensor - ok
18:58:02.0562 1268 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:58:02.0577 1268 Mup - ok
18:58:02.0608 1268 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:58:02.0655 1268 napagent - ok
18:58:02.0686 1268 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:58:02.0718 1268 NativeWifiP - ok
18:58:02.0780 1268 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:58:02.0811 1268 NDIS - ok
18:58:02.0842 1268 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:58:02.0874 1268 NdisCap - ok
18:58:02.0905 1268 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:58:02.0936 1268 NdisTapi - ok
18:58:02.0967 1268 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:58:02.0998 1268 Ndisuio - ok
18:58:03.0030 1268 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:58:03.0061 1268 NdisWan - ok
18:58:03.0076 1268 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:58:03.0108 1268 NDProxy - ok
18:58:03.0123 1268 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:58:03.0154 1268 NetBIOS - ok
18:58:03.0186 1268 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:58:03.0217 1268 NetBT - ok
18:58:03.0232 1268 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:58:03.0248 1268 Netlogon - ok
18:58:03.0279 1268 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:58:03.0326 1268 Netman - ok
18:58:03.0342 1268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:03.0357 1268 NetMsmqActivator - ok
18:58:03.0373 1268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:03.0388 1268 NetPipeActivator - ok
18:58:03.0404 1268 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:58:03.0451 1268 netprofm - ok
18:58:03.0451 1268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:03.0451 1268 NetTcpActivator - ok
18:58:03.0466 1268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:58:03.0466 1268 NetTcpPortSharing - ok
18:58:03.0513 1268 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:58:03.0529 1268 nfrd960 - ok
18:58:03.0544 1268 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:58:03.0560 1268 NlaSvc - ok
18:58:03.0607 1268 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:58:03.0638 1268 Npfs - ok
18:58:03.0669 1268 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:58:03.0700 1268 nsi - ok
18:58:03.0700 1268 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:58:03.0747 1268 nsiproxy - ok
18:58:03.0810 1268 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:58:03.0872 1268 Ntfs - ok
18:58:03.0888 1268 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:58:03.0919 1268 Null - ok
18:58:03.0950 1268 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:58:03.0966 1268 nvraid - ok
18:58:03.0981 1268 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:58:03.0997 1268 nvstor - ok
18:58:04.0012 1268 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:58:04.0028 1268 nv_agp - ok
18:58:04.0044 1268 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:58:04.0059 1268 ohci1394 - ok
18:58:04.0106 1268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:58:04.0137 1268 p2pimsvc - ok
18:58:04.0168 1268 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:58:04.0184 1268 p2psvc - ok
18:58:04.0215 1268 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:58:04.0231 1268 Parport - ok
18:58:04.0246 1268 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:58:04.0262 1268 partmgr - ok
18:58:04.0262 1268 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:58:04.0293 1268 PcaSvc - ok
18:58:04.0309 1268 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:58:04.0324 1268 pci - ok
18:58:04.0324 1268 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:58:04.0340 1268 pciide - ok
18:58:04.0356 1268 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:58:04.0371 1268 pcmcia - ok
18:58:04.0402 1268 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:58:04.0402 1268 pcw - ok
18:58:04.0434 1268 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:58:04.0465 1268 PEAUTH - ok
18:58:04.0543 1268 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:58:04.0558 1268 PerfHost - ok
18:58:04.0605 1268 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:58:04.0683 1268 pla - ok
18:58:04.0746 1268 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:58:04.0777 1268 PlugPlay - ok
18:58:04.0777 1268 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:58:04.0792 1268 PNRPAutoReg - ok
18:58:04.0824 1268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:58:04.0855 1268 PNRPsvc - ok
18:58:04.0886 1268 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
18:58:04.0902 1268 Point64 - ok
18:58:04.0933 1268 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:58:04.0980 1268 PolicyAgent - ok
18:58:05.0011 1268 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:58:05.0042 1268 Power - ok
18:58:05.0073 1268 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:58:05.0120 1268 PptpMiniport - ok
18:58:05.0136 1268 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:58:05.0151 1268 Processor - ok
18:58:05.0198 1268 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:58:05.0214 1268 ProfSvc - ok
18:58:05.0229 1268 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:58:05.0245 1268 ProtectedStorage - ok
18:58:05.0292 1268 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:58:05.0323 1268 Psched - ok
18:58:05.0370 1268 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:58:05.0432 1268 ql2300 - ok
18:58:05.0463 1268 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:58:05.0479 1268 ql40xx - ok
18:58:05.0494 1268 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:58:05.0510 1268 QWAVE - ok
18:58:05.0526 1268 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:58:05.0541 1268 QWAVEdrv - ok
18:58:05.0557 1268 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:58:05.0588 1268 RasAcd - ok
18:58:05.0619 1268 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:58:05.0666 1268 RasAgileVpn - ok
18:58:05.0682 1268 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:58:05.0713 1268 RasAuto - ok
18:58:05.0744 1268 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:58:05.0775 1268 Rasl2tp - ok
18:58:05.0822 1268 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:58:05.0869 1268 RasMan - ok
18:58:05.0884 1268 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:58:05.0916 1268 RasPppoe - ok
18:58:05.0947 1268 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:58:05.0978 1268 RasSstp - ok
18:58:05.0994 1268 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:58:06.0040 1268 rdbss - ok
18:58:06.0056 1268 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:58:06.0072 1268 rdpbus - ok
18:58:06.0087 1268 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:58:06.0134 1268 RDPCDD - ok
18:58:06.0150 1268 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:58:06.0181 1268 RDPENCDD - ok
18:58:06.0181 1268 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:58:06.0212 1268 RDPREFMP - ok
18:58:06.0243 1268 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:58:06.0274 1268 RDPWD - ok
18:58:06.0306 1268 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:58:06.0321 1268 rdyboost - ok
18:58:06.0352 1268 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:58:06.0384 1268 RemoteAccess - ok
18:58:06.0415 1268 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:58:06.0446 1268 RemoteRegistry - ok
18:58:06.0540 1268 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:58:06.0555 1268 RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:58:06.0555 1268 RichVideo - detected UnsignedFile.Multi.Generic (1)
18:58:06.0571 1268 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:58:06.0602 1268 RpcEptMapper - ok
18:58:06.0633 1268 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:58:06.0633 1268 RpcLocator - ok
18:58:06.0664 1268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:58:06.0711 1268 RpcSs - ok
18:58:06.0742 1268 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:58:06.0774 1268 rspndr - ok
18:58:06.0805 1268 [ 4F55BC63DCA859A6DEDC1106E0062135 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
18:58:06.0820 1268 S3XXx64 - ok
18:58:06.0836 1268 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:58:06.0852 1268 SamSs - ok
18:58:06.0883 1268 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:58:06.0898 1268 sbp2port - ok
18:58:06.0914 1268 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:58:06.0961 1268 SCardSvr - ok
18:58:06.0976 1268 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:58:07.0023 1268 scfilter - ok
18:58:07.0070 1268 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:58:07.0132 1268 Schedule - ok
18:58:07.0179 1268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:58:07.0210 1268 SCPolicySvc - ok
18:58:07.0242 1268 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:58:07.0257 1268 sdbus - ok
18:58:07.0288 1268 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:58:07.0304 1268 SDRSVC - ok
18:58:07.0335 1268 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:58:07.0382 1268 secdrv - ok
18:58:07.0398 1268 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:58:07.0444 1268 seclogon - ok
18:58:07.0460 1268 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:58:07.0491 1268 SENS - ok
18:58:07.0507 1268 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:58:07.0522 1268 SensrSvc - ok
18:58:07.0554 1268 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:58:07.0569 1268 Serenum - ok
18:58:07.0569 1268 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:58:07.0585 1268 Serial - ok
18:58:07.0600 1268 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:58:07.0616 1268 sermouse - ok
18:58:07.0647 1268 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:58:07.0678 1268 SessionEnv - ok
18:58:07.0710 1268 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:58:07.0741 1268 sffdisk - ok
18:58:07.0756 1268 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:58:07.0772 1268 sffp_mmc - ok
18:58:07.0788 1268 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:58:07.0803 1268 sffp_sd - ok
18:58:07.0819 1268 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:58:07.0834 1268 sfloppy - ok
18:58:07.0897 1268 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:58:07.0928 1268 SharedAccess - ok
18:58:07.0975 1268 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:58:08.0006 1268 ShellHWDetection - ok
18:58:08.0022 1268 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
18:58:08.0037 1268 SiSGbeLH - ok
18:58:08.0068 1268 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:58:08.0084 1268 SiSRaid2 - ok
18:58:08.0100 1268 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:58:08.0115 1268 SiSRaid4 - ok
18:58:08.0162 1268 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:58:08.0162 1268 SkypeUpdate - ok
18:58:08.0193 1268 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:58:08.0224 1268 Smb - ok
18:58:08.0256 1268 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:58:08.0271 1268 SNMPTRAP - ok
18:58:08.0334 1268 [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:58:08.0412 1268 SNP2UVC - ok
18:58:08.0443 1268 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:58:08.0443 1268 spldr - ok
18:58:08.0474 1268 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:58:08.0505 1268 Spooler - ok
18:58:08.0583 1268 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:58:08.0708 1268 sppsvc - ok
18:58:08.0739 1268 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:58:08.0786 1268 sppuinotify - ok
18:58:08.0817 1268 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:58:08.0833 1268 srv - ok
18:58:08.0880 1268 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:58:08.0895 1268 srv2 - ok
18:58:08.0926 1268 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:58:08.0942 1268 srvnet - ok
18:58:08.0973 1268 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:58:09.0020 1268 SSDPSRV - ok
18:58:09.0020 1268 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:58:09.0067 1268 SstpSvc - ok
18:58:09.0114 1268 Steam Client Service - ok
18:58:09.0145 1268 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:58:09.0145 1268 stexstor - ok
18:58:09.0192 1268 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:58:09.0223 1268 stisvc - ok
18:58:09.0254 1268 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:58:09.0270 1268 swenum - ok
18:58:09.0285 1268 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:58:09.0332 1268 swprv - ok
18:58:09.0379 1268 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:58:09.0426 1268 SysMain - ok
18:58:09.0457 1268 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:58:09.0472 1268 TabletInputService - ok
18:58:09.0488 1268 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:58:09.0535 1268 TapiSrv - ok
18:58:09.0535 1268 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:58:09.0582 1268 TBS - ok
18:58:09.0660 1268 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:58:09.0722 1268 Tcpip - ok
18:58:09.0784 1268 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:58:09.0816 1268 TCPIP6 - ok
18:58:09.0831 1268 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:58:09.0847 1268 tcpipreg - ok
18:58:09.0878 1268 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:58:09.0894 1268 TDPIPE - ok
18:58:09.0925 1268 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:58:09.0925 1268 TDTCP - ok
18:58:09.0956 1268 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:58:09.0987 1268 tdx - ok
18:58:10.0018 1268 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:58:10.0034 1268 TermDD - ok
18:58:10.0065 1268 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:58:10.0128 1268 TermService - ok
18:58:10.0143 1268 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:58:10.0159 1268 Themes - ok
18:58:10.0174 1268 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:58:10.0206 1268 THREADORDER - ok
18:58:10.0237 1268 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:58:10.0268 1268 TrkWks - ok
18:58:10.0315 1268 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:58:10.0362 1268 TrustedInstaller - ok
18:58:10.0377 1268 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:58:10.0424 1268 tssecsrv - ok
18:58:10.0455 1268 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:58:10.0471 1268 TsUsbFlt - ok
18:58:10.0518 1268 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:58:10.0549 1268 tunnel - ok
18:58:10.0580 1268 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
18:58:10.0596 1268 TurboB - ok
18:58:10.0658 1268 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:58:10.0674 1268 TurboBoost - ok
18:58:10.0689 1268 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:58:10.0705 1268 uagp35 - ok
18:58:10.0736 1268 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:58:10.0783 1268 udfs - ok
18:58:10.0798 1268 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:58:10.0814 1268 UI0Detect - ok
18:58:10.0830 1268 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:58:10.0845 1268 uliagpkx - ok
18:58:10.0876 1268 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:58:10.0892 1268 umbus - ok
18:58:10.0923 1268 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:58:10.0939 1268 UmPass - ok
18:58:11.0017 1268 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:58:11.0064 1268 UNS ( UnsignedFile.Multi.Generic ) - warning
18:58:11.0064 1268 UNS - detected UnsignedFile.Multi.Generic (1)
18:58:11.0095 1268 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:58:11.0142 1268 upnphost - ok
18:58:11.0188 1268 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:58:11.0204 1268 usbaudio - ok
18:58:11.0220 1268 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:58:11.0251 1268 usbccgp - ok
18:58:11.0282 1268 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:58:11.0313 1268 usbcir - ok
18:58:11.0313 1268 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:58:11.0329 1268 usbehci - ok
18:58:11.0360 1268 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:58:11.0376 1268 usbhub - ok
18:58:11.0391 1268 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:58:11.0407 1268 usbohci - ok
18:58:11.0438 1268 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:58:11.0454 1268 usbprint - ok
18:58:11.0500 1268 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:58:11.0516 1268 usbscan - ok
18:58:11.0532 1268 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:58:11.0547 1268 USBSTOR - ok
18:58:11.0563 1268 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:58:11.0578 1268 usbuhci - ok
18:58:11.0594 1268 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:58:11.0610 1268 usbvideo - ok
18:58:11.0641 1268 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:58:11.0672 1268 UxSms - ok
18:58:11.0688 1268 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:58:11.0688 1268 VaultSvc - ok
18:58:11.0703 1268 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:58:11.0719 1268 vdrvroot - ok
18:58:11.0750 1268 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:58:11.0797 1268 vds - ok
18:58:11.0828 1268 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:58:11.0844 1268 vga - ok
18:58:11.0859 1268 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:58:11.0890 1268 VgaSave - ok
18:58:11.0922 1268 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:58:11.0937 1268 vhdmp - ok
18:58:11.0953 1268 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:58:11.0968 1268 viaide - ok
18:58:11.0984 1268 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:58:12.0000 1268 volmgr - ok
18:58:12.0015 1268 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:58:12.0031 1268 volmgrx - ok
18:58:12.0046 1268 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:58:12.0078 1268 volsnap - ok
18:58:12.0109 1268 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:58:12.0124 1268 vsmraid - ok
18:58:12.0171 1268 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:58:12.0249 1268 VSS - ok
18:58:12.0265 1268 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:58:12.0280 1268 vwifibus - ok
18:58:12.0280 1268 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:58:12.0296 1268 vwififlt - ok
18:58:12.0327 1268 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:58:12.0343 1268 vwifimp - ok
18:58:12.0374 1268 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:58:12.0421 1268 W32Time - ok
18:58:12.0421 1268 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:58:12.0436 1268 WacomPen - ok
18:58:12.0468 1268 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:58:12.0514 1268 WANARP - ok
18:58:12.0514 1268 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:58:12.0546 1268 Wanarpv6 - ok
18:58:12.0608 1268 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:58:12.0670 1268 WatAdminSvc - ok
18:58:12.0717 1268 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:58:12.0780 1268 wbengine - ok
18:58:12.0795 1268 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:58:12.0826 1268 WbioSrvc - ok
18:58:12.0842 1268 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:58:12.0873 1268 wcncsvc - ok
18:58:12.0889 1268 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:58:12.0904 1268 WcsPlugInService - ok
18:58:12.0920 1268 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:58:12.0936 1268 Wd - ok
18:58:12.0967 1268 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:58:12.0998 1268 Wdf01000 - ok
18:58:13.0014 1268 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:58:13.0045 1268 WdiServiceHost - ok
18:58:13.0045 1268 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:58:13.0076 1268 WdiSystemHost - ok
18:58:13.0107 1268 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:58:13.0123 1268 WebClient - ok
18:58:13.0138 1268 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:58:13.0185 1268 Wecsvc - ok
18:58:13.0201 1268 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:58:13.0232 1268 wercplsupport - ok
18:58:13.0248 1268 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:58:13.0279 1268 WerSvc - ok
18:58:13.0326 1268 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:58:13.0357 1268 WfpLwf - ok
18:58:13.0372 1268 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:58:13.0388 1268 WimFltr - ok
18:58:13.0404 1268 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:58:13.0404 1268 WIMMount - ok
18:58:13.0435 1268 WinDefend - ok
18:58:13.0435 1268 WinHttpAutoProxySvc - ok
18:58:13.0497 1268 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:58:13.0528 1268 Winmgmt - ok
18:58:13.0591 1268 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:58:13.0684 1268 WinRM - ok
18:58:13.0716 1268 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
18:58:13.0731 1268 WinUsb - ok
18:58:13.0778 1268 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:58:13.0809 1268 Wlansvc - ok
18:58:13.0856 1268 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:58:13.0872 1268 wlcrasvc - ok
18:58:13.0965 1268 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:58:14.0028 1268 wlidsvc - ok
18:58:14.0059 1268 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:58:14.0074 1268 WmiAcpi - ok
18:58:14.0106 1268 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:58:14.0121 1268 wmiApSrv - ok
18:58:14.0152 1268 WMPNetworkSvc - ok
18:58:14.0184 1268 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:58:14.0199 1268 WPCSvc - ok
18:58:14.0215 1268 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:58:14.0230 1268 WPDBusEnum - ok
18:58:14.0262 1268 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:58:14.0293 1268 ws2ifsl - ok
18:58:14.0308 1268 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:58:14.0324 1268 wscsvc - ok
18:58:14.0324 1268 WSearch - ok
18:58:14.0402 1268 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:58:14.0496 1268 wuauserv - ok
18:58:14.0511 1268 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:58:14.0527 1268 WudfPf - ok
18:58:14.0574 1268 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:58:14.0589 1268 WUDFRd - ok
18:58:14.0605 1268 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:58:14.0620 1268 wudfsvc - ok
18:58:14.0636 1268 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:58:14.0667 1268 WwanSvc - ok
18:58:14.0683 1268 ================ Scan global ===============================
18:58:14.0698 1268 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:58:14.0730 1268 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:58:14.0745 1268 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:58:14.0761 1268 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:58:14.0776 1268 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:58:14.0792 1268 [Global] - ok
18:58:14.0792 1268 ================ Scan MBR ==================================
18:58:14.0808 1268 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:58:15.0244 1268 \Device\Harddisk0\DR0 - ok
18:58:15.0244 1268 ================ Scan VBR ==================================
18:58:15.0244 1268 [ A6749B97A6D173820C1D6C8563B9BA65 ] \Device\Harddisk0\DR0\Partition1
18:58:15.0244 1268 \Device\Harddisk0\DR0\Partition1 - ok
18:58:15.0276 1268 [ 1618F9DF5B9DB9776827C808C5DA8208 ] \Device\Harddisk0\DR0\Partition2
18:58:15.0276 1268 \Device\Harddisk0\DR0\Partition2 - ok
18:58:15.0276 1268 ============================================================
18:58:15.0276 1268 Scan finished
18:58:15.0276 1268 ============================================================
18:58:15.0291 1492 Detected object count: 4
18:58:15.0291 1492 Actual detected object count: 4
19:07:51.0775 1492 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:51.0775 1492 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:07:51.0775 1492 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:51.0775 1492 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:07:51.0775 1492 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:51.0775 1492 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:07:51.0775 1492 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:07:51.0775 1492 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
Habe beides als Administrator ausgeführt und mein Virenprogramm war aus.

Hoffe ihr könnt mir helfen lg Benni

PS: und wenn mir jemand sagen könnte wie ich die logs in so kleine ausfahrbare Boxen packen kann wär ich super dankbar

Geändert von Benkhk (12.12.2012 um 19:24 Uhr)

Alt 13.12.2012, 16:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hallo und

Zitat:
Vom anderen Konto aus hab ich Malwarebytes drüber gehaun und schwupps wars
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 13.12.2012, 18:33   #3
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hallo Cosinus!
Danke für die schnelle Antwort

Hier der Log von der Malwarebytes Suche

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.11.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Caro :: CAROSPC [administrator]

11.12.2012 23:42:29
mbam-log-2012-12-11 (23-42-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231880
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Benni\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Benni\Downloads\SWTOR_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benni\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Delete on reboot.
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)
         
Avira hab ich laufen lassen, keine Funde. Den Log poste ich im nächsten Thread, der liegt irgendwo auf dem anderen Benutzerkonto ich muss erst suchen. Leider habe ich voreilig gehandelt und die Funde bei Malwarebytes gelöscht, ich hoffe ich habe dadurch nicht schwieriger gemacht.

Lg Benni

Lg Benni
__________________

Alt 13.12.2012, 19:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.12.2012, 21:20   #5
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Ich hab noch mal Avira laufen lassen:

Code:
ATTFilter
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 13. Dezember 2012  18:34

Es wird nach 4556363 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Benni
Computername   : CAROSPC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 19:11:46
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 19:11:45
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 19:11:46
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 19:18:17
AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 00:31:09
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 00:00:11
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 23:15:22
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:26:27
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 13:59:44
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 09:36:46
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 15:36:21
VBASE008.VDF   : 7.11.50.231     2048 Bytes  22.11.2012 15:36:21
VBASE009.VDF   : 7.11.50.232     2048 Bytes  22.11.2012 15:36:21
VBASE010.VDF   : 7.11.50.233     2048 Bytes  22.11.2012 15:36:21
VBASE011.VDF   : 7.11.50.234     2048 Bytes  22.11.2012 15:36:22
VBASE012.VDF   : 7.11.50.235     2048 Bytes  22.11.2012 15:36:22
VBASE013.VDF   : 7.11.50.236     2048 Bytes  22.11.2012 15:36:22
VBASE014.VDF   : 7.11.51.27    133632 Bytes  23.11.2012 15:36:24
VBASE015.VDF   : 7.11.51.95    140288 Bytes  26.11.2012 10:02:06
VBASE016.VDF   : 7.11.51.221   164352 Bytes  29.11.2012 22:21:17
VBASE017.VDF   : 7.11.52.29    158208 Bytes  01.12.2012 19:36:44
VBASE018.VDF   : 7.11.52.91    116736 Bytes  03.12.2012 22:15:33
VBASE019.VDF   : 7.11.52.151   137728 Bytes  05.12.2012 09:45:11
VBASE020.VDF   : 7.11.52.225   157696 Bytes  06.12.2012 18:56:08
VBASE021.VDF   : 7.11.53.35    126976 Bytes  08.12.2012 23:51:57
VBASE022.VDF   : 7.11.53.55    225792 Bytes  09.12.2012 17:10:47
VBASE023.VDF   : 7.11.53.93    157184 Bytes  10.12.2012 17:10:47
VBASE024.VDF   : 7.11.53.169   153088 Bytes  12.12.2012 16:21:54
VBASE025.VDF   : 7.11.53.170     2048 Bytes  12.12.2012 16:21:54
VBASE026.VDF   : 7.11.53.171     2048 Bytes  12.12.2012 16:21:54
VBASE027.VDF   : 7.11.53.172     2048 Bytes  12.12.2012 16:21:54
VBASE028.VDF   : 7.11.53.173     2048 Bytes  12.12.2012 16:21:54
VBASE029.VDF   : 7.11.53.174     2048 Bytes  12.12.2012 16:21:54
VBASE030.VDF   : 7.11.53.175     2048 Bytes  12.12.2012 16:21:54
VBASE031.VDF   : 7.11.53.190    18432 Bytes  12.12.2012 20:49:32
Engineversion  : 8.2.10.216
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 15:03:58
AESCRIPT.DLL   : 8.1.4.72      467323 Bytes  07.12.2012 18:56:10
AESCN.DLL      : 8.1.9.4       131445 Bytes  18.11.2012 14:30:52
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 00:12:12
AERDL.DLL      : 8.2.0.74      643445 Bytes  12.11.2012 19:47:42
AEPACK.DLL     : 8.3.0.40      815479 Bytes  12.11.2012 19:47:34
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  07.11.2012 04:24:10
AEHEUR.DLL     : 8.1.4.160    5624184 Bytes  07.12.2012 18:56:09
AEHELP.DLL     : 8.1.25.2      258423 Bytes  25.10.2012 22:44:13
AEGEN.DLL      : 8.1.6.10      438646 Bytes  18.11.2012 14:30:35
AEEXP.DLL      : 8.2.0.18      123253 Bytes  07.12.2012 18:56:10
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 15:03:55
AECORE.DLL     : 8.1.29.2      201079 Bytes  12.11.2012 19:46:19
AEBB.DLL       : 8.1.1.4        53619 Bytes  07.11.2012 04:23:51
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 19:18:17
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 19:11:45
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Donnerstag, 13. Dezember 2012  18:34

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxdnMsdMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CMAWatcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CMA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezprint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxdnmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2491' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\D\91\D99C9d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CW
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\D\91\D99C9d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CW
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549197ab.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 13. Dezember 2012  21:17
Benötigte Zeit:  1:18:16 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  40524 Verzeichnisse wurden überprüft
 843664 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 843663 Dateien ohne Befall
  12531 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
Hoffe das hilft weiter... aber die vier Logs die ich dann jetzt gepostet habe sind alle die ich gemacht habe.

Lg Benni


Alt 14.12.2012, 09:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...

Alt 14.12.2012, 14:18   #7
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



So... hab combofix laufen lassen:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-14.01 - Benni 14.12.2012  14:01:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3949.2412 [GMT 1:00]
ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-14 bis 2012-12-14  ))))))))))))))))))))))))))))))
.
.
2012-12-14 13:09 . 2012-12-14 13:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-14 13:09 . 2012-12-14 13:09	--------	d-----w-	c:\users\Caro\AppData\Local\temp
2012-12-13 20:27 . 2012-12-13 20:27	--------	d-----w-	c:\users\Caro\AppData\Local\Macromedia
2012-12-13 11:46 . 2012-12-13 11:46	--------	d-----w-	c:\users\Benni\AppData\Local\Macromedia
2012-12-13 11:43 . 2012-12-13 11:43	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 15:37 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 15:36 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 15:36 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-12 15:36 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-12 15:36 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 15:36 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-12 15:36 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-11 22:48 . 2012-12-11 22:48	--------	d-----w-	c:\users\Caro\AppData\Roaming\CyberLink
2012-12-11 22:48 . 2012-12-11 22:48	--------	d-----w-	c:\users\Public\CyberLink
2012-12-11 22:42 . 2012-12-11 22:42	--------	d-----w-	c:\users\Caro\AppData\Roaming\Malwarebytes
2012-11-27 14:55 . 2012-11-27 14:55	--------	d-----w-	c:\users\Benni\AppData\Local\Chromium
2012-11-17 21:57 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 21:57 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 21:57 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 21:57 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 14:31 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 14:31 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 14:31 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 14:31 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 14:31 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 14:31 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 14:31 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-16 18:45 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 18:45 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 11:43 . 2011-07-27 01:35	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:56 . 2011-07-14 20:19	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 10:09	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:09	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:09	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-12 15:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-09-29 18:54 . 2011-07-15 01:29	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-07 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"lxdnamon"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-7-23 2796000]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-14  14:13:39
ComboFix-quarantined-files.txt  2012-12-14 13:13
.
Vor Suchlauf: 14 Verzeichnis(se), 38.938.091.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 39.083.048.960 Bytes frei
.
- - End Of File - - C2FB7F88821F14E7006C43D679109A18
         
--- --- ---


Vielen Dank schon mal für deine Zeit Du bist ne große Hilfe!

Lg Benni

Alt 14.12.2012, 15:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2012, 16:43   #9
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Gut, hab ich gemacht, hier das Logfile:

Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 14/12/2012 um 16:41:43 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Benni - CAROSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benni\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-2.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Benni\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=");

Profilname : default 
Datei : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1788 octets] - [14/12/2012 16:41:43]

########## EOF - C:\AdwCleaner[R1].txt - [1848 octets] ##########
         
lg und danke Benni

Alt 16.12.2012, 14:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.12.2012, 21:34   #11
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hallo nochmal
Danke das du mir so regelmäßig hilfst!

Das Logfile von adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 16/12/2012 um 21:10:15 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Benni - CAROSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benni\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\searchplugins\icqplugin-2.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Benni\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\1lgfiyy2.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=");

Profilname : default 
Datei : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\8xaak6hx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1790 octets] - [16/12/2012 21:10:15]

########## EOF - C:\AdwCleaner[S1].txt - [1850 octets] ##########
         
und die zwei OTL Files:

Code:
ATTFilter
OTL logfile created on: 12/16/2012 9:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.57% Memory free
7.71 Gb Paging File | 6.29 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.30 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
 
Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\384ca76c4a02cf94dd8f4b2ef89d2ebf\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\474914b7c8b9b5056943488991a57edc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\391c954f32c93ef679256ecdf316f6fe\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ea10f3231995d893967a191b9d19805\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\10dca0c97b8703d895d026e645b6a1bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla\components [2012/12/09 00:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla\plugins [2012/12/12 17:17:13 | 000,000,000 | ---D | M]
 
[2011/07/15 00:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2012/10/25 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\8xaak6hx.default\extensions
 
O1 HOSTS File: ([2012/12/14 14:11:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12D72C37-AC43-4CDA-9E43-FD15DEA838A2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3301EAF3-F98D-4520-BB18-7BE343A023D4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/16 21:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/12/15 00:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012/12/14 23:59:28 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2012/12/14 23:59:28 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2012/12/14 23:59:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2012/12/14 23:59:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2012/12/14 23:59:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012/12/14 23:59:15 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012/12/14 23:59:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012/12/14 23:59:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012/12/14 23:59:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012/12/14 23:59:15 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012/12/14 23:59:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012/12/14 23:59:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012/12/14 23:59:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012/12/14 23:59:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012/12/14 23:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012/12/14 23:59:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012/12/14 23:59:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/14 23:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2012/12/14 23:59:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2012/12/14 23:59:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012/12/14 23:59:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2012/12/14 23:59:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2012/12/14 23:59:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/14 23:59:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012/12/14 23:59:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012/12/14 23:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012/12/14 23:59:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012/12/14 23:59:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2012/12/14 23:59:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012/12/14 23:59:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012/12/14 23:59:09 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012/12/14 23:59:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012/12/14 23:59:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2012/12/14 23:59:07 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2012/12/14 23:59:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2012/12/14 23:59:06 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012/12/14 23:59:06 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012/12/14 23:59:06 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012/12/14 23:59:06 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012/12/14 23:59:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2012/12/14 23:59:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2012/12/14 23:59:06 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012/12/14 23:59:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012/12/14 23:59:06 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2012/12/14 23:59:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012/12/14 23:59:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/14 23:59:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2012/12/14 23:59:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2012/12/14 23:59:05 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2012/12/14 23:59:05 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2012/12/14 23:59:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012/12/14 23:59:05 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/14 23:58:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/14 23:58:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/14 23:58:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/14 23:58:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/14 23:58:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/14 23:58:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/14 23:58:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/14 23:58:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/14 23:58:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/14 23:58:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/14 23:58:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/14 23:58:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/14 23:58:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/14 23:58:23 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/14 23:58:23 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/14 23:58:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/14 23:58:23 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/14 23:58:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/14 23:58:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/14 23:58:22 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/14 23:58:22 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/14 23:58:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/14 23:57:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/14 23:57:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/14 23:57:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/12/14 23:57:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/12/14 16:41:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/14 14:13:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/14 13:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/14 13:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/14 13:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/14 13:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/14 13:58:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/13 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia
[2012/12/13 12:43:23 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Neuer Ordner
[2012/12/12 17:17:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/12 16:55:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 16:55:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 16:55:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 16:55:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 16:55:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 16:55:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 16:55:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 16:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 16:55:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 16:55:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 16:55:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 16:55:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 16:55:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 16:55:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 16:55:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:37:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:37:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:37:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:37:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:37:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:37:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:37:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:37:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:37:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:37:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:37:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:37:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:37:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:36:47 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:36:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 16:36:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/12 16:36:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 16:36:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/12 16:36:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 00:11:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Benni\Desktop\TDSSKiller.exe
[2012/12/12 00:10:44 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Benni\Desktop\aswMBR.exe
[2012/11/30 05:00:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Daten
[2012/11/27 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Chromium
[2012/11/17 22:57:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 22:57:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 15:31:39 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 15:31:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/17 15:31:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 15:31:36 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/16 21:17:32 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/16 21:17:32 | 000,707,566 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/16 21:17:32 | 000,661,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/16 21:17:32 | 000,153,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/16 21:17:32 | 000,125,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/16 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/16 21:11:10 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/16 21:05:14 | 000,547,175 | ---- | M] () -- C:\Users\Benni\Desktop\adwcleaner.exe
[2012/12/16 21:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/12/15 12:03:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 12:03:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 14:11:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/13 20:10:36 | 000,002,096 | ---- | M] () -- C:\Users\Benni\Desktop\Avira Free Antivirus Profil Aktive Prozesse.LNK
[2012/12/13 12:43:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/13 12:43:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/12 18:57:28 | 000,000,512 | ---- | M] () -- C:\Users\Benni\Desktop\MBR.dat
[2012/12/12 17:31:03 | 000,327,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/12 00:11:17 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Benni\Desktop\aswMBR.exe
[2012/11/30 04:58:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/16 21:05:14 | 000,547,175 | ---- | C] () -- C:\Users\Benni\Desktop\adwcleaner.exe
[2012/12/14 23:59:16 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/12/14 23:59:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/12/14 23:59:14 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/12/14 23:59:12 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/14 23:59:07 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/12/14 13:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/14 13:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/14 13:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/14 13:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/14 13:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/13 20:10:36 | 000,002,096 | ---- | C] () -- C:\Users\Benni\Desktop\Avira Free Antivirus Profil Aktive Prozesse.LNK
[2012/12/12 18:21:30 | 000,000,512 | ---- | C] () -- C:\Users\Benni\Desktop\MBR.dat
[2012/11/17 22:57:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 15:31:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/05/12 01:19:31 | 000,011,304 | ---- | C] () -- C:\Users\Benni\gsview64.ini
[2012/04/24 08:44:38 | 004,384,590 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;30.BMP
[2012/04/24 08:44:30 | 004,380,654 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;00.BMP
[2012/04/24 08:27:59 | 000,064,200 | ---- | C] () -- C:\Users\Benni\studbeschUDE.pdf
[2012/04/24 08:26:55 | 000,114,484 | ---- | C] () -- C:\Users\Benni\Dispo Julia.pdf
[2012/04/24 08:26:55 | 000,111,899 | ---- | C] () -- C:\Users\Benni\OBV Julia.pdf
[2012/04/24 08:26:55 | 000,071,373 | ---- | C] () -- C:\Users\Benni\Schufa Julia.pdf
[2012/03/21 23:22:08 | 000,000,297 | -H-- | C] () -- C:\ProgramData\wb764821reg.bin
[2012/02/04 18:21:04 | 000,150,806 | ---- | C] () -- C:\Users\Benni\charakterblatt.pdf
[2012/01/30 10:33:40 | 000,027,124 | ---- | C] () -- C:\Users\Benni\Abschlussklausuren_WiSe_11_12_Stand_20_01_2012.pdf
[2011/12/21 08:10:27 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat
[2011/12/21 08:09:29 | 001,620,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/25 13:04:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/07/25 13:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/07/15 00:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/14 19:53:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/14 19:17:27 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/07/14 19:17:26 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/07/14 19:17:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/07/14 19:17:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/07/14 19:17:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/07/14 19:17:25 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/07/14 19:17:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/07/14 19:17:25 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/07/14 19:17:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/07/14 19:17:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/07/14 19:17:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/07/14 19:17:23 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/07/14 19:17:23 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/07/14 19:17:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/07/14 19:17:22 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/07/14 18:06:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/02/17 02:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/17 02:16:37 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 12/16/2012 9:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.57% Memory free
7.71 Gb Paging File | 6.29 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.30 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
 
Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030EDBDD-A010-4B7B-A58D-7BE1047F7495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03267E6B-C575-4281-893B-972B7D637BEC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0A59AE65-FF01-4831-B6DD-565CC9EA5502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CC5FF0A-E7F4-4336-9243-23BA5DE83434}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24CC9489-2617-4DCA-A0F6-77E3985F65FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{298BBABA-E552-478C-9BB5-9317098CFB7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29C441CE-947C-4B04-BFF9-A7E5C6390C95}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2BC21A29-F3C3-4225-BEE1-4ADF1F26C464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E334304-5E2F-4EF2-8C32-BC7CAA90A50A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{45399A07-9F26-431D-9725-C4351D9529A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{48EE7934-9F80-4564-A748-BF6B06EE0BE1}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{4ED58E37-E8A7-4CE7-BB9F-424A2EB3EDAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5A5DD1D1-C49A-48E0-B797-08B5A5673007}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5F7CBE69-CB86-4399-B2B1-F5F72A429E93}" = lport=6112 | protocol=6 | dir=in | name=guild wars port | 
"{61112CC9-B530-4C16-9EED-381C8310B2C3}" = lport=80 | protocol=6 | dir=in | name=guild wars port 2 | 
"{6312EFAB-FEDD-4A84-9DDB-0E4887C4CA4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63902689-266B-4135-B33A-B87C78866230}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84898C70-E6E1-4A7B-967B-F4DEB609A3DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8BC2417A-EA48-4264-B0D8-C2189067A9F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CC74A26-CD8B-4D5A-8086-113FFC251ACF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{97FD8AAB-2030-45CE-B06E-7F7D478E8331}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98675E31-E1D1-44E5-9A40-0EC599B69AF2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{98717726-4488-43F0-AF06-3F99478BC257}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{9A1ECAD6-DC3B-44FF-BBE4-9D1624B8E316}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9E755F2F-21F7-44EC-B5B7-4A459956C72C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AE1781C2-DAA6-432A-AA79-CEF8EFE1CE73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2A328D4-F5F5-49A9-9FB5-B839DF50D018}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BEF2D0DF-E062-46AA-9E26-209EEA46F9A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0B57638-B45C-4A07-BF7E-8C5A9B91EF65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CCC99F0E-6C1B-4C3D-AC03-ED0D4F19B7B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF03EFA6-DA0C-4CBB-9644-DF7B27D0EE56}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DD2D0695-01A8-4F2D-A74C-9646CA3DC5E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F5960634-436D-4113-8436-7D910B1D02F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F833D51F-E752-48CF-9B44-CDDDD8D9FCD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD7D2E60-F952-4509-BA18-4C2EB6360CAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FE0CE854-29CB-4EA4-BAD0-62C23A34E716}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE36F149-0E35-4346-9B1D-34CEE6ACEE8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002A5155-5E01-49EB-A47D-85A501FDBA16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{03E5EC65-B238-4F38-AC78-3493CC8A7EDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AC4A29E-05C1-4A8B-AA9F-3D33783901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AE33BE0-94F3-4472-A2D0-11A005BEC846}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0D3FBCF1-5DA0-48E2-871B-A1DAC39A0803}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{0D7ACDFB-D873-46B2-8B49-A5918357F570}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{17DDB4AD-C874-4C0F-9733-A95DCEF80FB1}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{26E0EF51-CA72-4DF3-A173-A83930E47732}" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | 
"{29DBF4AB-1AAD-40C8-A8E4-20F231AD3586}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"{2D592F2B-F45C-4AAE-B5B7-57DD1591A4D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F27BD88-D469-4B8F-975C-DECC937E0E94}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{31CA389E-E9A4-4A83-969D-C473E99F330B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{34E04FE2-FDA2-48C1-A7ED-4A094B4203BA}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{364046AE-FD54-4226-84E9-2DFDB63D3164}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"{3E450806-5D37-43D6-A1EF-4CBF878E96FF}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{3E9D8153-469A-4797-8685-50A7D9BCCB19}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{407CC31D-7F3A-4CF4-86F7-C75F99864955}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4200286B-0617-49D5-8299-9C8A7FBEC243}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{427B3229-5B0E-4864-A920-295622C33D66}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{430D21D5-058C-47C1-900E-6A607C063A10}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{51C4AB89-BC9E-4DBD-832A-FF9D06404703}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{51EE3C12-8A45-433A-96F6-19BEB67FC15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{551F43D5-2145-461A-878F-48FDE37FB417}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{5941F2A3-7744-48F0-8C91-EF2AD6FCB03B}" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | 
"{5FA1AE5E-5291-4F5C-8907-823EDA1079AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{618562C9-2514-4645-9C42-C6684433685B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{643885A5-24FF-4B6E-81B3-8B7516D59A1C}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | 
"{65AE8F89-1C2A-4B47-B841-1553538946D7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{6745BDF1-F794-4A03-AE08-20E39B1A8AE6}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | 
"{68F9F02E-8B56-4FBD-875B-7D3C27BFF1F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B9638CB-83CB-4851-8595-CFF655BF2570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{796D9052-4DCF-4022-A281-6ACDFE5EAD36}" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"{804E33AF-31A0-44E3-9EB5-8AF45118A3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{85340105-ABBA-4CE1-944F-FD3C70E5B658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{856978CB-D3A7-4644-A484-15A703ECA0ED}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{88CCD9B2-3D60-4B2D-8BC5-EE9094FB07EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{8970EF0B-5A4A-4953-B456-26EFA7B72477}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{947CA469-79D7-4D36-B217-1C2BE96F0113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95100AE9-FF06-4FFA-A572-9D627B52618D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{96A807DD-126D-464A-A5DE-6F42A14FC5A0}" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"{9F1DA2FF-D81D-42FD-BEC5-6B28F82756D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{A1BCD055-C431-4BA3-8BBD-F368DC03C1AE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe | 
"{A7CFE010-81B1-4D0A-A06B-42AA3EABF2B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A877763B-7EF3-4C6D-87EA-5D4FAF91C582}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{B225034A-8900-4DFF-989B-CDE0B2E5AA56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B63E16D4-848C-43D2-8623-B7372CC904BE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | 
"{BE981FA8-B76B-49DA-BE28-28757817FA37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BEBA321C-3CC2-4B5B-8FF2-8AE94EFB0678}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | 
"{C0AE2113-DEFD-4926-A331-1C3805CF8742}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C33F007A-5931-4AD1-9AAD-9C37D971740D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6717B72-ECAD-452F-A1E9-2D71992C471B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{CA804F1B-3DB6-4EA2-A36E-927728D450CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D012D7F9-0C48-49FD-9517-D6652F36DDC3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D07E34F6-33F7-4E64-AC78-1D5633F54116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D08B299E-865C-4215-A04C-64E3552787CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9881B96-8FBB-4E44-8800-BF99CF303624}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E4941BF1-316F-4A89-94A1-8F80B0876AC4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{E9059FBD-58BC-4D6E-9F68-D6C8498B0818}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB18B8B7-477B-45A3-9650-5ACAAD3A83E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB6F5191-BCBA-4B7D-B640-DEC84B91CB8B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{ED1B8027-E40F-4B79-9F07-CD09B73B86BF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{EE137AEE-CCA9-4380-B22F-1EE06338386C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{F64F04E5-D3E1-4736-8E30-85B692251AC8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{F77B4C4B-472D-46F6-BB10-9BB6A1C65556}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FA329B8D-C95F-45DA-AD13-21EC3AE1319D}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe | 
"{FA86863F-A687-4C4D-AD8F-DA69EE98EF61}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"{FBC63369-6C4C-45B1-BFD9-7698B85AA3F6}" = protocol=6 | dir=out | app=system | 
"{FEB72D96-BC99-4D6C-AD98-BE6AAD195D43}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"TCP Query User{1E375CEB-D053-4AF6-899E-569F2B560B64}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"TCP Query User{2BADE5DC-D2F3-404C-B4E2-B3ED4E704053}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"TCP Query User{4651A64E-92C3-4663-B7B6-85E949EE8D0D}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | 
"TCP Query User{46F99958-F380-405D-B5DE-A678CC6A1F87}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{5A3CF9A4-DCC4-4D5E-8790-11F6A257C592}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{BEB755DC-78FF-4074-8746-C0AAB44A571C}D:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | 
"TCP Query User{CAB08706-B9E7-4EE6-95E1-220DEFF80D55}D:\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"TCP Query User{E4BC9E91-2806-4F30-9E31-BC6754F865C5}C:\programme\mozilla\plugin-container.exe" = protocol=6 | dir=in | app=c:\programme\mozilla\plugin-container.exe | 
"TCP Query User{EA2BAB5C-904F-45B9-889E-F22241943156}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{F31F7E03-BDA0-45E6-8C63-DF253446B061}D:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"TCP Query User{F7615E10-84A2-48E5-AFAA-06F6B9803511}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{12C98D6F-F701-4EDC-80EB-6F62E536A976}D:\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"UDP Query User{20E357A4-EF0D-4B9D-A221-E9BC44534237}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{6FE14D52-5738-4B42-9072-3F6A9F223CFE}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"UDP Query User{97E2EF08-0593-4C75-AD95-727BBE4134BF}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{97F64765-9A66-482C-A074-D76583627416}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"UDP Query User{A18BCDC5-D04A-46FF-9CBB-E7573C6B6F82}D:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"UDP Query User{AE32B9FC-1D73-4488-8016-99F9D7F9D37B}D:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | 
"UDP Query User{B5629D33-1BDC-49B3-BD75-8E0085188B8E}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"UDP Query User{F40E4509-980C-4396-888F-F580C7694E97}C:\programme\mozilla\plugin-container.exe" = protocol=17 | dir=in | app=c:\programme\mozilla\plugin-container.exe | 
"UDP Query User{F8B42ACE-0E88-49EC-9E42-ABBBFB09F075}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | 
"UDP Query User{FB79F0E7-B1C2-4774-B04F-6752FF29F848}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1" = Das große DGS Wörterbuch Update 1.0.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC8FA1C1-BE26-4889-85F1-A98AE6E37979}" = Inhaltsmanager-Assistent für PlayStation(R)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 23310" = The Last Remnant
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vampire Editor" = Vampire Editor
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/17/2012 12:04:17 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2012 9:21:10 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2012 1:54:55 AM | Computer Name = CarosPC | Source = RasClient | ID = 20227
Description = 
 
Error - 10/24/2012 10:32:30 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/24/2012 7:02:59 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/25/2012 8:34:48 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/28/2012 1:57:24 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/29/2012 4:46:53 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/29/2012 7:31:11 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/3/2012 6:51:43 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/3/2012 11:01:16 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2779030)
 
Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 12/14/2012 4:26:16 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034
Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 12/14/2012 9:05:18 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 12/14/2012 9:08:34 AM | Computer Name = CarosPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/14/2012 9:11:05 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
Ich hoffe, das stimmt alles so

lg Benni

Alt 17.12.2012, 18:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Files
C:\ProgramData\wb764821reg.bin
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.12.2012, 21:45   #13
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Hi! Während OTL lief, hat sich der Rechner aufgehängt, ich hab dann irgendwann über den Taskmanager OTL beendet, dann hat der Rechner sofort neu gestartet. Als er wieder hoch gefahren war, hat OTL aber was ausgespuckt:

Code:
ATTFilter
All processes killed
========== FILES ==========
C:\ProgramData\wb764821reg.bin moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Benni\Desktop\cmd.bat deleted successfully.
C:\Users\Benni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Benni
->Temp folder emptied: 40137 bytes
->Temporary Internet Files folder emptied: 11485846 bytes
->Java cache emptied: 19748256 bytes
->FireFox cache emptied: 818398171 bytes
->Flash cache emptied: 5238 bytes
 
User: Caro
->Temp folder emptied: 300716 bytes
->Temporary Internet Files folder emptied: 6839191 bytes
->Java cache emptied: 4358 bytes
->FireFox cache emptied: 243798995 bytes
->Flash cache emptied: 58269 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,050.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12172012_213123

Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Benni\AppData\Local\Mozilla\Firefox\Profiles\8xaak6hx.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ich hoffe ich war nicht zu vorschnell und hab damit irgendwas angestellt... lg Benni

Alt 17.12.2012, 23:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Scheint ok zu sein...Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.12.2012, 15:38   #15
Benkhk
 
GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Standard

GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...



Ok, da bin ich schon Mal ein wenig beruhigt

Die Logs von OTL:

Code:
ATTFilter
OTL logfile created on: 12/18/2012 2:38:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 69.03% Memory free
7.71 Gb Paging File | 6.21 Gb Available in Paging File | 80.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.24 Gb Free Space | 30.26% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
 
Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\384ca76c4a02cf94dd8f4b2ef89d2ebf\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\474914b7c8b9b5056943488991a57edc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\391c954f32c93ef679256ecdf316f6fe\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ea10f3231995d893967a191b9d19805\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\10dca0c97b8703d895d026e645b6a1bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86) (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (lxdn_device) -- C:\Windows\SysWOW64\lxdncoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla\components [2012/12/09 00:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla\plugins [2012/12/12 17:17:13 | 000,000,000 | ---D | M]
 
[2011/07/15 00:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2012/10/25 23:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\8xaak6hx.default\extensions
 
O1 HOSTS File: ([2012/12/17 21:34:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12D72C37-AC43-4CDA-9E43-FD15DEA838A2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3301EAF3-F98D-4520-BB18-7BE343A023D4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/17 21:31:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/17 21:29:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/12/16 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Logfiles Suche
[2012/12/15 00:01:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012/12/14 23:59:28 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2012/12/14 23:59:28 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2012/12/14 23:59:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2012/12/14 23:59:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2012/12/14 23:59:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012/12/14 23:59:16 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012/12/14 23:59:15 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012/12/14 23:59:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012/12/14 23:59:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012/12/14 23:59:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012/12/14 23:59:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012/12/14 23:59:15 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012/12/14 23:59:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012/12/14 23:59:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012/12/14 23:59:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012/12/14 23:59:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012/12/14 23:59:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012/12/14 23:59:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012/12/14 23:59:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012/12/14 23:59:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/14 23:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2012/12/14 23:59:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2012/12/14 23:59:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012/12/14 23:59:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2012/12/14 23:59:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2012/12/14 23:59:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/14 23:59:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012/12/14 23:59:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012/12/14 23:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012/12/14 23:59:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012/12/14 23:59:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2012/12/14 23:59:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012/12/14 23:59:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012/12/14 23:59:09 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012/12/14 23:59:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012/12/14 23:59:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2012/12/14 23:59:07 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2012/12/14 23:59:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2012/12/14 23:59:06 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012/12/14 23:59:06 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012/12/14 23:59:06 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012/12/14 23:59:06 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012/12/14 23:59:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2012/12/14 23:59:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2012/12/14 23:59:06 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012/12/14 23:59:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012/12/14 23:59:06 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2012/12/14 23:59:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012/12/14 23:59:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/14 23:59:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2012/12/14 23:59:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2012/12/14 23:59:05 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2012/12/14 23:59:05 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2012/12/14 23:59:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012/12/14 23:59:05 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/14 23:58:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/14 23:58:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/14 23:58:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/14 23:58:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/14 23:58:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/14 23:58:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/14 23:58:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/14 23:58:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/14 23:58:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/14 23:58:24 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/14 23:58:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/14 23:58:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/14 23:58:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/14 23:58:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/14 23:58:23 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/14 23:58:23 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/14 23:58:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/14 23:58:23 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/14 23:58:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/14 23:58:22 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/14 23:58:22 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/14 23:58:22 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/14 23:58:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/14 23:57:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/14 23:57:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/14 23:57:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/12/14 23:57:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/12/14 16:41:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/14 14:13:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/14 13:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/14 13:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/14 13:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/14 13:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/14 13:58:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/13 12:46:44 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia
[2012/12/13 12:43:23 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 17:17:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/12/12 16:55:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 16:55:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 16:55:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 16:55:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 16:55:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 16:55:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 16:55:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 16:55:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 16:55:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 16:55:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 16:55:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 16:55:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 16:55:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 16:55:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 16:55:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:37:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:37:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:37:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:37:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:37:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:37:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:37:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:37:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:37:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:37:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:37:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:37:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:37:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:37:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:37:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:37:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:37:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:37:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:37:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:36:47 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:36:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 16:36:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/12 16:36:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/12 16:36:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/12 16:36:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/11/30 05:00:08 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Daten
[2012/11/27 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Chromium
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/18 14:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/17 21:42:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 21:42:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 21:39:50 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/17 21:39:50 | 000,707,566 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/17 21:39:50 | 000,661,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/17 21:39:50 | 000,153,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/17 21:39:50 | 000,125,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/17 21:35:14 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/17 21:34:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/12/17 21:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/12/13 12:43:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/13 12:43:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/12 17:31:03 | 000,327,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/30 04:58:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/14 23:59:16 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/12/14 23:59:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/12/14 23:59:14 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/12/14 23:59:12 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/14 23:59:07 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/12/14 13:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/14 13:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/14 13:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/14 13:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/14 13:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/12 01:19:31 | 000,011,304 | ---- | C] () -- C:\Users\Benni\gsview64.ini
[2012/04/24 08:44:38 | 004,384,590 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;30.BMP
[2012/04/24 08:44:30 | 004,380,654 | ---- | C] () -- C:\Users\Benni\24.04.2012 09;44;00.BMP
[2012/04/24 08:27:59 | 000,064,200 | ---- | C] () -- C:\Users\Benni\studbeschUDE.pdf
[2012/04/24 08:26:55 | 000,114,484 | ---- | C] () -- C:\Users\Benni\Dispo Julia.pdf
[2012/04/24 08:26:55 | 000,111,899 | ---- | C] () -- C:\Users\Benni\OBV Julia.pdf
[2012/04/24 08:26:55 | 000,071,373 | ---- | C] () -- C:\Users\Benni\Schufa Julia.pdf
[2012/02/04 18:21:04 | 000,150,806 | ---- | C] () -- C:\Users\Benni\charakterblatt.pdf
[2012/01/30 10:33:40 | 000,027,124 | ---- | C] () -- C:\Users\Benni\Abschlussklausuren_WiSe_11_12_Stand_20_01_2012.pdf
[2011/12/21 08:10:27 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat
[2011/12/21 08:09:29 | 001,620,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/25 13:04:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/07/25 13:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/07/15 00:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/14 19:53:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/14 19:17:27 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/07/14 19:17:26 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/07/14 19:17:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/07/14 19:17:26 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/07/14 19:17:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/07/14 19:17:25 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/07/14 19:17:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/07/14 19:17:25 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/07/14 19:17:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/07/14 19:17:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/07/14 19:17:24 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/07/14 19:17:23 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/07/14 19:17:23 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/07/14 19:17:23 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/07/14 19:17:22 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/07/14 18:06:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/02/17 02:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/17 02:16:37 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
und

Code:
ATTFilter
OTL Extras logfile created on: 12/18/2012 2:38:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benni\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 69.03% Memory free
7.71 Gb Paging File | 6.21 Gb Available in Paging File | 80.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 35.24 Gb Free Space | 30.26% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 195.70 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
 
Computer Name: CAROSPC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030EDBDD-A010-4B7B-A58D-7BE1047F7495}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03267E6B-C575-4281-893B-972B7D637BEC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0A59AE65-FF01-4831-B6DD-565CC9EA5502}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CC5FF0A-E7F4-4336-9243-23BA5DE83434}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24CC9489-2617-4DCA-A0F6-77E3985F65FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{298BBABA-E552-478C-9BB5-9317098CFB7D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29C441CE-947C-4B04-BFF9-A7E5C6390C95}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2BC21A29-F3C3-4225-BEE1-4ADF1F26C464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E334304-5E2F-4EF2-8C32-BC7CAA90A50A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{45399A07-9F26-431D-9725-C4351D9529A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{48EE7934-9F80-4564-A748-BF6B06EE0BE1}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{4ED58E37-E8A7-4CE7-BB9F-424A2EB3EDAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5A5DD1D1-C49A-48E0-B797-08B5A5673007}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5F7CBE69-CB86-4399-B2B1-F5F72A429E93}" = lport=6112 | protocol=6 | dir=in | name=guild wars port | 
"{61112CC9-B530-4C16-9EED-381C8310B2C3}" = lport=80 | protocol=6 | dir=in | name=guild wars port 2 | 
"{6312EFAB-FEDD-4A84-9DDB-0E4887C4CA4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63902689-266B-4135-B33A-B87C78866230}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84898C70-E6E1-4A7B-967B-F4DEB609A3DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8BC2417A-EA48-4264-B0D8-C2189067A9F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CC74A26-CD8B-4D5A-8086-113FFC251ACF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{97FD8AAB-2030-45CE-B06E-7F7D478E8331}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98675E31-E1D1-44E5-9A40-0EC599B69AF2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{98717726-4488-43F0-AF06-3F99478BC257}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{9A1ECAD6-DC3B-44FF-BBE4-9D1624B8E316}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9E755F2F-21F7-44EC-B5B7-4A459956C72C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AE1781C2-DAA6-432A-AA79-CEF8EFE1CE73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2A328D4-F5F5-49A9-9FB5-B839DF50D018}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BEF2D0DF-E062-46AA-9E26-209EEA46F9A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0B57638-B45C-4A07-BF7E-8C5A9B91EF65}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CCC99F0E-6C1B-4C3D-AC03-ED0D4F19B7B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF03EFA6-DA0C-4CBB-9644-DF7B27D0EE56}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DD2D0695-01A8-4F2D-A74C-9646CA3DC5E3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F5960634-436D-4113-8436-7D910B1D02F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F833D51F-E752-48CF-9B44-CDDDD8D9FCD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD7D2E60-F952-4509-BA18-4C2EB6360CAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FE0CE854-29CB-4EA4-BAD0-62C23A34E716}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE36F149-0E35-4346-9B1D-34CEE6ACEE8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002A5155-5E01-49EB-A47D-85A501FDBA16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{03E5EC65-B238-4F38-AC78-3493CC8A7EDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AC4A29E-05C1-4A8B-AA9F-3D33783901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AE33BE0-94F3-4472-A2D0-11A005BEC846}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0D3FBCF1-5DA0-48E2-871B-A1DAC39A0803}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{0D7ACDFB-D873-46B2-8B49-A5918357F570}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{17DDB4AD-C874-4C0F-9733-A95DCEF80FB1}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{26E0EF51-CA72-4DF3-A173-A83930E47732}" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | 
"{29DBF4AB-1AAD-40C8-A8E4-20F231AD3586}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"{2D592F2B-F45C-4AAE-B5B7-57DD1591A4D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F27BD88-D469-4B8F-975C-DECC937E0E94}" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{31CA389E-E9A4-4A83-969D-C473E99F330B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{34E04FE2-FDA2-48C1-A7ED-4A094B4203BA}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{364046AE-FD54-4226-84E9-2DFDB63D3164}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"{3E450806-5D37-43D6-A1EF-4CBF878E96FF}" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"{3E9D8153-469A-4797-8685-50A7D9BCCB19}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{407CC31D-7F3A-4CF4-86F7-C75F99864955}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4200286B-0617-49D5-8299-9C8A7FBEC243}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{427B3229-5B0E-4864-A920-295622C33D66}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{430D21D5-058C-47C1-900E-6A607C063A10}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{51C4AB89-BC9E-4DBD-832A-FF9D06404703}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{51EE3C12-8A45-433A-96F6-19BEB67FC15E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{551F43D5-2145-461A-878F-48FDE37FB417}" = protocol=17 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{5941F2A3-7744-48F0-8C91-EF2AD6FCB03B}" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | 
"{5FA1AE5E-5291-4F5C-8907-823EDA1079AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{618562C9-2514-4645-9C42-C6684433685B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{643885A5-24FF-4B6E-81B3-8B7516D59A1C}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | 
"{65AE8F89-1C2A-4B47-B841-1553538946D7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{6745BDF1-F794-4A03-AE08-20E39B1A8AE6}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | 
"{68F9F02E-8B56-4FBD-875B-7D3C27BFF1F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B9638CB-83CB-4851-8595-CFF655BF2570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{796D9052-4DCF-4022-A281-6ACDFE5EAD36}" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"{804E33AF-31A0-44E3-9EB5-8AF45118A3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{85340105-ABBA-4CE1-944F-FD3C70E5B658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{856978CB-D3A7-4644-A484-15A703ECA0ED}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{88CCD9B2-3D60-4B2D-8BC5-EE9094FB07EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{8970EF0B-5A4A-4953-B456-26EFA7B72477}" = protocol=6 | dir=in | app=c:\programme\icq7.5\icq.exe | 
"{947CA469-79D7-4D36-B217-1C2BE96F0113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95100AE9-FF06-4FFA-A572-9D627B52618D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{96A807DD-126D-464A-A5DE-6F42A14FC5A0}" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"{9F1DA2FF-D81D-42FD-BEC5-6B28F82756D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{A1BCD055-C431-4BA3-8BBD-F368DC03C1AE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe | 
"{A7CFE010-81B1-4D0A-A06B-42AA3EABF2B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A877763B-7EF3-4C6D-87EA-5D4FAF91C582}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{B225034A-8900-4DFF-989B-CDE0B2E5AA56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B63E16D4-848C-43D2-8623-B7372CC904BE}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnamon.exe | 
"{BE981FA8-B76B-49DA-BE28-28757817FA37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BEBA321C-3CC2-4B5B-8FF2-8AE94EFB0678}" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\frun.exe | 
"{C0AE2113-DEFD-4926-A331-1C3805CF8742}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C33F007A-5931-4AD1-9AAD-9C37D971740D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6717B72-ECAD-452F-A1E9-2D71992C471B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{CA804F1B-3DB6-4EA2-A36E-927728D450CD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D012D7F9-0C48-49FD-9517-D6652F36DDC3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D07E34F6-33F7-4E64-AC78-1D5633F54116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D08B299E-865C-4215-A04C-64E3552787CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9881B96-8FBB-4E44-8800-BF99CF303624}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E4941BF1-316F-4A89-94A1-8F80B0876AC4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{E9059FBD-58BC-4D6E-9F68-D6C8498B0818}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB18B8B7-477B-45A3-9650-5ACAAD3A83E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB6F5191-BCBA-4B7D-B640-DEC84B91CB8B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{ED1B8027-E40F-4B79-9F07-CD09B73B86BF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{EE137AEE-CCA9-4380-B22F-1EE06338386C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{F64F04E5-D3E1-4736-8E30-85B692251AC8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{F77B4C4B-472D-46F6-BB10-9BB6A1C65556}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FA329B8D-C95F-45DA-AD13-21EC3AE1319D}" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdntime.exe | 
"{FA86863F-A687-4C4D-AD8F-DA69EE98EF61}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"{FBC63369-6C4C-45B1-BFD9-7698B85AA3F6}" = protocol=6 | dir=out | app=system | 
"{FEB72D96-BC99-4D6C-AD98-BE6AAD195D43}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"TCP Query User{1E375CEB-D053-4AF6-899E-569F2B560B64}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"TCP Query User{2BADE5DC-D2F3-404C-B4E2-B3ED4E704053}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"TCP Query User{4651A64E-92C3-4663-B7B6-85E949EE8D0D}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | 
"TCP Query User{46F99958-F380-405D-B5DE-A678CC6A1F87}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{5A3CF9A4-DCC4-4D5E-8790-11F6A257C592}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{BEB755DC-78FF-4074-8746-C0AAB44A571C}D:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=d:\age of conan\ageofconan.exe | 
"TCP Query User{CAB08706-B9E7-4EE6-95E1-220DEFF80D55}D:\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"TCP Query User{E4BC9E91-2806-4F30-9E31-BC6754F865C5}C:\programme\mozilla\plugin-container.exe" = protocol=6 | dir=in | app=c:\programme\mozilla\plugin-container.exe | 
"TCP Query User{EA2BAB5C-904F-45B9-889E-F22241943156}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{F31F7E03-BDA0-45E6-8C63-DF253446B061}D:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"TCP Query User{F7615E10-84A2-48E5-AFAA-06F6B9803511}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{12C98D6F-F701-4EDC-80EB-6F62E536A976}D:\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=d:\star wars - the old republic\launcher.exe | 
"UDP Query User{20E357A4-EF0D-4B9D-A221-E9BC44534237}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{6FE14D52-5738-4B42-9072-3F6A9F223CFE}C:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\benni\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"UDP Query User{97E2EF08-0593-4C75-AD95-727BBE4134BF}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{97F64765-9A66-482C-A074-D76583627416}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"UDP Query User{A18BCDC5-D04A-46FF-9CBB-E7573C6B6F82}D:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe | 
"UDP Query User{AE32B9FC-1D73-4488-8016-99F9D7F9D37B}D:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=d:\age of conan\ageofconan.exe | 
"UDP Query User{B5629D33-1BDC-49B3-BD75-8E0085188B8E}C:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86) (x86)\lexmark 2600 series\lxdnmon.exe | 
"UDP Query User{F40E4509-980C-4396-888F-F580C7694E97}C:\programme\mozilla\plugin-container.exe" = protocol=17 | dir=in | app=c:\programme\mozilla\plugin-container.exe | 
"UDP Query User{F8B42ACE-0E88-49EC-9E42-ABBBFB09F075}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | 
"UDP Query User{FB79F0E7-B1C2-4774-B04F-6752FF29F848}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FB874A-A992-4ED6-9522-6EFF78ADDDCB}_is1" = Das große DGS Wörterbuch Update 1.0.2.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC8FA1C1-BE26-4889-85F1-A98AE6E37979}" = Inhaltsmanager-Assistent für PlayStation(R)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 23310" = The Last Remnant
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vampire Editor" = Vampire Editor
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3600211331-2581445504-1401801803-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/17/2012 12:04:17 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2012 9:21:10 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2012 1:54:55 AM | Computer Name = CarosPC | Source = RasClient | ID = 20227
Description = 
 
Error - 10/24/2012 10:32:30 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/24/2012 7:02:59 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/25/2012 8:34:48 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/28/2012 1:57:24 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/29/2012 4:46:53 AM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/29/2012 7:31:11 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/3/2012 6:51:43 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/3/2012 11:01:16 PM | Computer Name = CarosPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 12/7/2012 2:04:13 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2779030)
 
Error - 12/12/2012 12:00:36 PM | Computer Name = CarosPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 12/14/2012 4:26:16 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034
Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 12/14/2012 9:05:18 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 12/14/2012 9:08:34 AM | Computer Name = CarosPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12/14/2012 9:11:05 AM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 12/17/2012 4:31:23 PM | Computer Name = CarosPC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
 
< End of report >
         
lg Benni

Antwort

Themen zu GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...
administrator, asus, aswmbr, avast, avira, browser, classpnp.sys, computer, desktop, detected, dxgkrnl, file, fontcache, gesperrt, hal.dll, harddisk, hotkey, lanmanworkstation, log, log file, malwarebytes, monitor, neu, object, policyagent, programm, rootkit, security, server, super, system, trojaner-board, trustedinstaller, tunnel, unsignedfile.multi.generic, windows, wlansvc, wmp, wsearch



Ähnliche Themen: GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab...


  1. Windows 8.1: Trojaner im Anhang, nicht geöffnet, Rechner sicher?
    Plagegeister aller Art und deren Bekämpfung - 11.11.2015 (1)
  2. Win8.1: Trojaner gefunden, nicht sicher ob entfernt
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (17)
  3. Nicht sicher ob ich einen gvu trojaner habe
    Plagegeister aller Art und deren Bekämpfung - 20.03.2014 (32)
  4. Windows XP ist nicht mehr sicher...
    Plagegeister aller Art und deren Bekämpfung - 19.02.2014 (23)
  5. Laptop sicher nach BDS/TDSS.95846427.9 ?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (9)
  6. GVU Trojaner unter Windows 8 am Laptop. komme nicht ins Bootmenü
    Alles rund um Windows - 24.05.2013 (2)
  7. GVU-Trojaner auf IBM-Laptop /Windows XP Safemode nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 14.01.2013 (33)
  8. Trojaner gefunden und angeblich entfernt aber ist mein Laptop nun sicher?
    Log-Analyse und Auswertung - 24.03.2012 (5)
  9. "Windows nicht mehr sicher" Trojaner/Virus entfernt?
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (1)
  10. Nicht sicher, ob Trojaner erfogreich gelöscht
    Plagegeister aller Art und deren Bekämpfung - 23.06.2011 (22)
  11. jwgkvsq.vmx - so hab ich es weg gekriegt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2011 (5)
  12. Laptop neu gemacht, Malwarebytes, OTL und g data laufengelassen.. sicher?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (4)
  13. malware defense gekriegt HJT log
    Log-Analyse und Auswertung - 02.01.2010 (2)
  14. Bin mir nicht sicher, ob das Trojaner Problem gelöst ist...
    Plagegeister aller Art und deren Bekämpfung - 28.02.2009 (0)
  15. Trojaner? Nicht sicher...
    Log-Analyse und Auswertung - 22.11.2008 (4)
  16. Trojaner? - bin nicht sicher!
    Mülltonne - 09.10.2008 (0)
  17. Trojaner ?! Bin mir nicht sicher
    Plagegeister aller Art und deren Bekämpfung - 01.06.2008 (1)

Zum Thema GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... - Hi liebes Trojaner-Board! Ich bin neu hier aber ich werd mir Mühe geben ein angenehmer Neuling zu sein Ich hab auf meinem Rechner gestern so einen GVU-Trojaner gefunden. Hat mir - GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab......
Archiv
Du betrachtest: GVU-Trojaner auf Windows 7 - Laptop, bin nicht sicher ob ich ihn weg gekriegt hab... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.