Pests of all kinds and how to fight them: GVU Trojan / Trojan.Ransom.SUGen
19.12.2012, 14:16   #1
jorgaeff

GVU Trojan / Trojan.Ransom.SUGen

I caught this trojan and am slowly running out of ideas about what else I can do to remove it.

As soon as the internet connection is established, the "GVU" "asks" me to quickly transfer another 100 € before Christmas. I have Windows 7 (64-bit) and am always logged in with a limited account.

I have found a way to get rid of the screen temporarily, but I cannot manage the complete cleanup and would be very grateful for help.

This is how I got rid of the screen:
- Start Windows (unplug the Fritz stick first)
- Open and edit any document, e.g. in Word (do NOT save)
- Plug in the Fritz stick => connection is established => lock screen active
- CTRL + ALT + DEL => PC restart
- When the message appears that documents are still open: cancel the restart
- Voilà: the lock screen is gone and you can get back onto the net

But back to the topic: what have I done so far?
- I do not have a restore point (which actually surprises me; can the trojan destroy the restore points?); only a 3-month-old system image (but then I might as well reinstall right away)

- Unlocked the PC with Kaspersky Windows Unlocker
The log file says that all users were unlocked and, in addition, that there is a suspicious change in userinit.exe (this is unlocked too). However, this has no effect; the trojan is still active.

- Additionally a thorough scan of all drives with Kaspersky Rescue Disk (ran for over 8 hours), but the program does not find anything that would be a case for quarantine either.

- Then found this forum and ran a quick scan with MBAM: the trojan "Trojan.Ransom.SUGen" is found => quarantine. After a restart and another scan the trojan is back again. Even if I scan and remove the trojan without internet, it is immediately back as soon as I go online. According to MBAM, the same file is then infected again.

Log file:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian_2 :: HOSCHIMEDES [limited]

19.12.2012 13:12:28
mbam-log-2012-12-19 (13-12-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197358
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)


- I downloaded AdwCleaner via the link in the forum, but my virus scanner (AVG Free) kicks in. I did not run it.

- I ran defogger

- I ran OTL and scanned

OTL.txt:
OTL logfile created on: 19.12.2012 14:46:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian_2\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,05% Memory free
7,99 Gb Paging File | 5,45 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,87 Gb Total Space | 2,40 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive F: | 48,78 Gb Total Space | 34,02 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 20,32 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive H: | 24,41 Gb Total Space | 24,32 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 1,13 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
Drive J: | 97,65 Gb Total Space | 59,14 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive K: | 97,65 Gb Total Space | 1,69 Gb Free Space | 1,73% Space Free | Partition Type: NTFS
Drive L: | 97,65 Gb Total Space | 44,69 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 12,64 Gb Free Space | 12,94% Space Free | Partition Type: NTFS
Drive N: | 195,32 Gb Total Space | 26,11 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive O: | 48,82 Gb Total Space | 28,22 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
Drive P: | 101,35 Gb Total Space | 10,89 Gb Free Space | 10,75% Space Free | Partition Type: NTFS

Computer Name: HOSCHIMEDES | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.19 13:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian_2\Downloads\OTL.exe
PRC - [2012.12.12 21:24:26 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.09.02 08:11:23 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.07.14 01:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- F:\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe
PRC - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.16 17:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- F:\Motherboard\ASUS EPU\EPU.exe
PRC - [2010.01.22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- F:\Motherboard\USB 3.0\Application\nusb3mon.exe
PRC - [2009.09.28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.07.07 12:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.23 14:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- F:\Power DVD 7\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.12 21:24:26 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.07.14 01:14:07 | 002,003,424 | ---- | M] () -- F:\Mozilla Firefox\mozjs.dll
MOD - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe
MOD - [2010.08.05 00:25:25 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.08 16:17:24 | 000,565,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\pngio.dll
MOD - [2010.01.08 16:17:24 | 000,053,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.30 13:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.04.22 19:20:00 | 000,179,712 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsusService.dll
MOD - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 21:24:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.29 23:34:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.29 23:33:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.09.05 01:09:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- P:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 14:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.01.18 14:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.12.12 10:07:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.10.25 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.25 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.03.17 04:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.03.10 02:48:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.01 13:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.31 04:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.07.09 13:21:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2007.09.11 14:20:00 | 000,132,096 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EC168x64.sys -- (EC168x64)
DRV - [2011.12.26 15:42:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=17-09-2011&tb_mrud=17-09-2011


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 23 D6 6D 1C 34 CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C EF 96 67 20 5C CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes,DefaultScope = {1D06B7FE-D65C-480E-9A40-6E850A29CDF5}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{1D06B7FE-D65C-480E-9A40-6E850A29CDF5}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{7C621DE1-34F6-48D4-8ECF-F1E06D420016}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 44 F4 52 C4 51 CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes,DefaultScope = {24F5310B-2853-4C63-9FD9-865FB8CA8A82}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: F:\Mozilla Firefox\components [2012.07.22 11:24:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: F:\Mozilla Firefox\plugins [2012.08.17 07:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: F:\Mozilla Thunderbird\components [2012.10.13 01:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: F:\Mozilla Thunderbird\plugins

[2011.10.04 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2010.08.04 23:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.09 22:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions
[2010.08.25 00:54:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.28 23:15:09 | 000,002,354 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\aol-web-search.xml
[2011.07.09 22:17:49 | 000,002,501 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\SearchResults.xml
File not found (No name found) -- F:\AVG VIRENSCANNER\FIREFOX\DONOTTRACK
[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2011.10.04 13:15:59 | 000,437,695 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15052 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssiea.dll File not found
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LanguageShortcut] F:\Power DVD 7\Language\Language.exe ()
O4 - HKLM..\Run: [NUSB3MON] F:\Motherboard\USB 3.0\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl] F:\Power DVD 7\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Six Engine] F:\Motherboard\ASUS EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [EA Core] I:\Fussball Manager 10\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [flatster Recorder] F:\flatster Recorder\flatster Recorder.exe File not found
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk = C:\Program Files (x86)\Common Files\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ACF8334-BC7C-4872-AEEB-37010EFE9435}: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55221738-EDAE-42FD-8A5C-E1D33C9EFE5C}: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE815495-85DC-4519-9584-C47BCE7795BD}: DhcpNameServer = 83.169.184.161 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgppa.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgpp.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.19 13:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.19 13:51:54 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.12.19 13:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.19 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Programs
[2012.12.19 03:27:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.19 03:27:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.19 03:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.19 03:15:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.13 03:46:17 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.12.13 00:10:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\AVG2013
[2012.12.13 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2012.12.13 00:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\MFAData
[2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Avg2013
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.19 14:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 13:51:58 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.19 13:27:56 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 13:10:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.19 13:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 13:03:07 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.19 03:27:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 02:11:46 | 000,001,153 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk
[2012.12.17 17:03:00 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 17:03:00 | 000,666,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 17:03:00 | 000,625,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 17:03:00 | 000,135,586 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 17:03:00 | 000,111,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 17:00:41 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.12.17 17:00:41 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.12.13 03:21:14 | 000,343,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.13 00:07:38 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.19 13:51:58 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.19 13:51:58 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.12.19 03:27:11 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 02:11:46 | 000,001,153 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk
[2012.12.19 01:01:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.13 00:07:38 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.01 13:17:07 | 011,624,448 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Sandra.mdb
[2011.10.09 23:00:47 | 000,000,095 | ---- | C] () -- C:\Users\Florian\AppData\Local\fusioncache.dat
[2011.10.09 22:59:16 | 001,557,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.18 15:25:40 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.05.23 21:30:46 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2011.05.09 20:35:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.09 20:35:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.02.19 00:45:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.02.03 15:52:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.02.03 15:47:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.02.03 15:45:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.10 20:20:10 | 000,011,205 | ---- | C] () -- C:\Users\Florian\firefox-2010-11-10

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.13 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\AVG2013
[2011.11.12 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Canon
[2011.10.10 20:58:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DVDVideoSoft
[2011.02.02 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FileZilla
[2011.02.15 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\MAGIX
[2010.08.12 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org
[2010.08.13 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Thunderbird
[2012.12.13 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\AVG2013
[2012.02.23 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canon
[2010.08.06 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CDZilla
[2012.09.17 00:22:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoft
[2011.04.02 00:36:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.01 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileZilla
[2011.02.03 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MAGIX
[2010.08.14 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2011.01.26 15:34:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\REAPER
[2010.08.14 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2012.12.13 00:07:37 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2011.05.28 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\UDC Profiles
[2012.12.13 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\AVG2013
[2011.07.31 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\BayWotch4
[2011.01.21 13:58:08 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Canon
[2010.08.06 12:16:16 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\CDZilla
[2010.09.22 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.17 00:22:46 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\DVDVideoSoft
[2012.12.17 11:56:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\FileZilla
[2011.04.14 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kalypso Media
[2011.08.08 12:06:06 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kummert Inspektionssysteme
[2012.11.10 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Lionhead Studios
[2011.02.03 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MAGIX
[2011.10.19 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MudTV
[2011.05.09 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\My Games
[2010.08.05 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\OpenOffice.org
[2010.08.16 10:42:54 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Opera
[2010.08.14 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Thunderbird
[2010.11.08 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Tropico 3 Demo

========== Purity Check ==========



< End of report >
extras.txt:

OTL Extras logfile created on: 19.12.2012 14:46:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian_2\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,05% Memory free
7,99 Gb Paging File | 5,45 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,87 Gb Total Space | 2,40 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive F: | 48,78 Gb Total Space | 34,02 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 20,32 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive H: | 24,41 Gb Total Space | 24,32 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 1,13 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
Drive J: | 97,65 Gb Total Space | 59,14 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive K: | 97,65 Gb Total Space | 1,69 Gb Free Space | 1,73% Space Free | Partition Type: NTFS
Drive L: | 97,65 Gb Total Space | 44,69 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 12,64 Gb Free Space | 12,94% Space Free | Partition Type: NTFS
Drive N: | 195,32 Gb Total Space | 26,11 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive O: | 48,82 Gb Total Space | 28,22 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
Drive P: | 101,35 Gb Total Space | 10,89 Gb Free Space | 10,75% Space Free | Partition Type: NTFS

Computer Name: HOSCHIMEDES | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0339D1FA-C0F8-452D-BE87-5658CAEC2817}" = lport=59070 | protocol=6 | dir=in | name=pando media booster |
"{08640131-AB6F-49EA-90F9-32F1CAAA402D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09E13297-EC9E-4BAF-A11E-AF53581694D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B12C8C5-2E4A-4188-8E19-44D1DEF3741A}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2012.sp5c\wnt500x64\rpcsandrasrv.exe |
"{0F46B913-14E3-4684-AA84-EFB23F37F003}" = lport=137 | protocol=17 | dir=in | app=system |
"{12610BA7-8889-469A-B2BA-E68909EC0C26}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2012.sp5c\rpcagentsrv.exe |
"{1A1625E2-FEF6-4683-8794-DB11DCBDBEA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{2369A42B-90D4-493D-AEFE-911C85C191C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28D52104-E55C-4D83-91E3-FDDF626C3B68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39C59B98-1DC5-4878-B49E-8855944F99EB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4826B081-F841-4D4E-93F8-31418B0B805A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C25AE7F-0E02-4966-B328-C3B8F54A0002}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52670C30-DB10-4434-9990-50A73AF01F5A}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F35CD3A-BCD9-4541-8861-2FEF729FCA39}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BB2B87B-8148-4DEF-A616-2F51D7CEE44F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6DFC9F3E-2C1F-483D-9391-6E719D1DE379}" = lport=59070 | protocol=6 | dir=in | name=pando media booster |
"{9776E23A-3F99-4FE3-BC22-3086D5956590}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99035FCC-4CB8-48FC-A84D-76EF1BB92F14}" = lport=59070 | protocol=17 | dir=in | name=pando media booster |
"{99D48BAF-BB84-4F1C-974B-435808014A6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9EAB74F7-E4AC-474E-AE76-278D70CBEC30}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF53DB61-166F-4B63-B47B-48EC9C8A8EF7}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2011.sp5\wnt500x64\rpcsandrasrv.exe |
"{B6FBABC1-94D8-4674-A369-389D15758F24}" = lport=59070 | protocol=17 | dir=in | name=pando media booster |
"{B875FEF0-EEB9-4DF1-951B-74DBED9E27E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8ADC835-4ABC-45FB-AFFE-9C1A364DB18A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C03FAC8A-E7A9-46E7-8E4E-B28666628BBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C800E41E-D9F7-4BC3-A249-E12E76A3F81C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCF2B91A-982F-4874-9052-0E1563BD0458}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFC96469-72E4-4AEC-95A4-377DEFDCE009}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1C209D7-8980-4B27-A29A-DD3E05C1BF82}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3F0FB03-D1A7-4DBB-B317-B3F21544773B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0339729D-EFB0-4264-A87C-3B3B222253BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CA3C3D3-AE90-4169-BB7A-26BC86475B8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1693CBA3-B2B4-4459-B87B-28630021A892}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1A989884-779A-4209-B402-B8B14AFB46AA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20F469C4-2293-4F67-87D7-B1D4652A4D7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3521137A-F330-4042-895D-270F53D59995}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{382C9661-0022-456B-9F30-D9DD2A614445}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{56454C06-739B-4DF3-9E10-7C65A513CB66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56A8C587-9F5A-4CBF-9620-8A530A2357B2}" = protocol=6 | dir=in | app=f:\avg virenscanner\avgmfapx.exe |
"{585F64B5-2702-4C98-A459-2F88841FFA53}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{591BFC36-9BCF-49AB-8AC6-64E67A8BCBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{5964F3DD-6DE9-4A80-9BEA-4E1DA90D9A86}" = protocol=6 | dir=out | app=system |
"{5D58B510-09CB-47EA-9DD4-5A732732BCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{601403DB-70C8-4641-BFBE-1E29C199FDA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6261302D-68AF-49C9-9A6D-BD1C5B74E6C2}" = protocol=6 | dir=in | app=f:\opera\opera.exe |
"{651A5ECB-162C-4ECE-8DC5-91301ACF8C3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{667622A2-05E2-4039-ABFC-B80CFF20123A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{753946BC-AFFC-4A65-A26C-D5BF835C6B45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{77973D99-818C-42EE-BE58-CFA608F51705}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{816FC1B7-83B8-48E5-9B5A-D85DA3F0B8C7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82C21768-E7C6-4D87-90E4-E4B3552B1A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84A5E6EE-BEA4-4D0B-8E58-5D91BA77754C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8F7B9474-133A-4D3E-B499-DD379F95AA48}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9152FA62-4289-4D09-9669-D972A35EB939}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{94C04C0F-A840-4C69-B78B-105540D5DB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{980FC9C9-3E15-4BD3-A69C-AAA111712A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{991DDB31-3F11-4F1C-B49A-25748AF4B40F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{9AC87C90-7FEC-41A8-8D83-5C1041C6C209}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{A6C33221-1EB6-47B7-A2BF-50EC25F138A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A77D6C80-AEF3-4B2C-BCEE-44BF79BBC0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{B02980D9-A5BE-4014-9487-4B0204BB453E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBDED519-491D-4944-9421-D3CD1C59E7B5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEE06E38-D088-4716-AD7D-306E403A8BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{BF81113B-2D16-485F-BB37-87E5C36513FE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{C39D5BD7-D60A-4635-9198-72AAB1D3A3FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6E7DB6C-B964-4AEB-AE80-6E09D252D44F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC6CA898-7364-4B8D-9D89-9E33EDB47FD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCAA45A9-8C0B-4406-96B3-ADF78471133B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8A8691B-ABD7-4530-96E9-5A70D6DFD819}" = protocol=17 | dir=in | app=f:\opera\opera.exe |
"{D8DEAD40-F39F-4A24-AE96-DB3338D5A075}" = protocol=6 | dir=in | app=c:\users\florian\appdata\local\temp\dsoclient\dlcache\app.n3app |
"{DB0C7711-D37E-4AFF-A88A-E85EEBCFF334}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{DC1DAE65-9E8D-4CFE-A869-83453A90768B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E4296371-D727-4324-BC6B-9CD0179B7FC4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{E458BE0A-9A48-409D-BF3F-322C10C957AF}" = protocol=17 | dir=in | app=f:\avg virenscanner\avgmfapx.exe |
"{E722690C-C102-4DEB-9B93-5DB6E0970417}" = protocol=17 | dir=in | app=c:\users\florian\appdata\local\temp\dsoclient\dlcache\app.n3app |
"{E88A429F-FA5D-43B7-B535-07966D705C11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F0C39CF5-9FE7-453A-B611-9BEF41B49828}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1E8908A-96BC-4872-B8B7-05859A140AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F4027133-A2FF-41CC-BD08-D4CC1233ABFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5260E63-0DC5-45E0-98D7-CF6206D762F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FB667A48-B74B-42D3-9998-0D942D3EA56F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB977B33-D7E7-4A03-9963-4617136C8C99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{FCE0AFF0-10B3-489A-8111-0990CA784D05}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FE524118-4096-48BD-982B-A61A830ECD50}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"TCP Query User{005E40B7-3C01-4012-8C66-B3050F7813EF}I:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=i:\anno 1701\anno1701.exe |
"TCP Query User{018C7A0C-781F-4624-AF41-EE07A85B9035}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe |
"TCP Query User{035E5FE8-ECA4-4782-89D1-5694B711BD16}I:\herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=i:\herr der ringe online\lotroclient.exe |
"TCP Query User{08697313-CDD8-42BC-802F-62CAB33A210A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4A60202E-9165-4746-8BC4-6390BE9FF241}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6C866550-1B5C-46EC-B9BD-8CD4F18AE773}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe |
"TCP Query User{912645AF-6AC7-4632-91A7-DC95004E02C7}I:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"TCP Query User{9676E4A9-C17D-4B97-8481-91A5C1642E20}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A0CFF612-CCD4-4B69-A76A-58E7C019F92B}I:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=i:\anno 1701\anno1701.exe |
"TCP Query User{B00FBD0D-B294-4E93-B94B-A024E098BB2A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{B5EEFDC8-C5CB-437C-BAFE-11E727D67651}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=6 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"TCP Query User{C598187A-F930-474F-AAB4-826F7362DF75}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D4C3128A-3372-4399-BB8E-8771B7D8FA3D}I:\spellforce 2\spellforce2.exe" = protocol=6 | dir=in | app=i:\spellforce 2\spellforce2.exe |
"TCP Query User{D637096A-2BD1-4CB1-9897-64D2FE5FFCD4}I:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"TCP Query User{D8985EC2-C41B-4801-B9FF-E9C38CE34517}F:\opera\opera.exe" = protocol=6 | dir=in | app=f:\opera\opera.exe |
"TCP Query User{EB96A6A3-0E61-4BB8-9AD3-7AD71EF32FAD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FA626FB7-5B8F-4B12-9CD6-8FD4F6582E51}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=6 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{0DE173D3-F7B5-4A5F-9B2D-509F34263ADF}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=17 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{2D90BEAC-B907-4299-8701-37E1D64EFAF9}F:\opera\opera.exe" = protocol=17 | dir=in | app=f:\opera\opera.exe |
"UDP Query User{339C96D9-48AE-442A-808D-F2F081FEF0A1}I:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"UDP Query User{3DD54E97-B6EF-4AE9-94FE-3EB60DBD5075}I:\spellforce 2\spellforce2.exe" = protocol=17 | dir=in | app=i:\spellforce 2\spellforce2.exe |
"UDP Query User{46AC432C-D419-4B2D-8C5D-05DC1B2443B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4C7AC3B3-E2F8-4C50-AA5E-4A21334F8197}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{50454226-AD18-48C6-B4B2-A84422833412}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=17 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{6EED41AF-8719-4FFD-9935-31B19597E869}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{722C15FB-4E66-4BDA-9EF7-5763F9976318}I:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=i:\anno 1701\anno1701.exe |
"UDP Query User{7EE3B264-CD0E-44F1-BCAD-001FCA959D9B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{81AACCB3-1448-477E-9FFF-ABF3527BD837}I:\herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=i:\herr der ringe online\lotroclient.exe |
"UDP Query User{84EC56C2-9234-4309-AD42-992CF6584FB7}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe |
"UDP Query User{9D7A590F-ADCB-40C2-87A6-2DD50A7713EF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B360B32B-36B1-4495-864F-A7593A54F1C4}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe |
"UDP Query User{C454CA49-629D-46AB-A5AB-8AE765FA58FF}I:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=i:\anno 1701\anno1701.exe |
"UDP Query User{DF260977-3463-494A-AB2C-1D90B0D00EB4}I:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"UDP Query User{EF491720-1052-4429-9F9C-99379F009FF5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP5c
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies(TM) 1.1 Patch
"{2D428867-5883-449B-86F3-7B7187061031}" = Nero 7 Essentials
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{339E300B-AD83-4013-BABF-E5C0DDAAFE7C}" = Spellforce 2 - Dragon Storm
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{818690C7-8DA5-4623-BBA8-A73CFBD44077}" = Sound Blaster X-Fi MB
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A311F7E9-436E-4924-8DB5-6004325F5A43}" = MainConceptDemoCodecs
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.01
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Ant Renamer 2_is1" = Ant Renamer
"Audacity_is1" = Audacity 1.2.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"baywotch4_is1" = BayWotch v4.2.4
"Canon MX870 series Benutzerregistrierung" = Canon MX870 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Drakensang Online" = Drakensang Online
"Drakensang_is1" = Drakensang
"EADM" = EA Download Manager
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"etope Lister_is1" = 1.36
"FileZilla Client" = FileZilla Client 3.3.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 Premium D" = MAGIX Music Maker 15 Premium 15.0.1.8 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"MySSID_is1" = Vtune 7.10
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Dial Utility" = Canon Kurzwahlprogramm
"SpellForce 2 Update v1.02" = SpellForce 2 Update v1.02
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"Opera 11.10.2092" = Opera 11.10

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.12.2012 22:36:54 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot -
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
- search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 13.12.2012 22:42:19 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 13.12.2012 22:47:47 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 17.12.2012 04:30:04 | Computer Name = Hoschimedes | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 9.5.2.295 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ec8 Startzeit:
01cddc2f2fc549fd Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

Berichts-ID:


Error - 18.12.2012 03:51:27 | Computer Name = Hoschimedes | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.2792,
Zeitstempel: 0x50993b63 Name des fehlerhaften Moduls: avgidsagent.exe, Version:
13.0.0.2792, Zeitstempel: 0x50993b63 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027610b
ID
des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0x01cdd9a1349e109b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Berichtskennung:
b9a00eb7-48e7-11e2-9d66-bc0543072299

Error - 18.12.2012 07:47:03 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 18.12.2012 07:47:15 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\Creative\audio device selection unicode\CTAudSeu.exe". Fehler in Manifest-
oder Richtliniendatei "c:\program files (x86)\Creative\audio device selection unicode\CTAudSeu.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 18.12.2012 07:47:23 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot -
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
- search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 18.12.2012 07:51:54 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 19.12.2012 08:08:29 | Computer Name = Hoschimedes | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0x01cddde0e1fbe547 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: cc93aa90-49d4-11e2-85dd-485b395d16ab

[ Spybot - Search and Destroy Events ]
Error - 19.12.2012 09:22:22 | Computer Name = Hoschimedes | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 18.12.2012 23:26:34 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 18.12.2012 23:26:35 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:26:37 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:27:35 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:28:56 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 18.12.2012 23:28:56 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:28:58 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:35:30 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 19.12.2012 08:03:10 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 19.12.2012 08:03:10 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5


< End of report >
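The OTL event log section above is worth reading systematically rather than by eye: the Service Control Manager records carry `%%N` placeholders that are plain Win32 error codes (2 is ERROR_FILE_NOT_FOUND, 5 is ERROR_ACCESS_DENIED), and the Application Error record carries an NTSTATUS exception code. The following is an added example, not part of this thread and not OTL code, that parses records in this format, joins their wrapped descriptions, counts them per source and event ID and decodes those codes. The sample records are constructed from the lines posted above; the two code tables only cover the values that appear there.

```python
"""Triage of the event-log section of an OTL report (added example, not OTL code).

Parses "Error - <date> | Computer Name = ... | Source = ... | ID = ..." records,
joins their multi-line descriptions, counts them per (Source, ID) and decodes the
%%N placeholders that the Service Control Manager fills with Win32 error codes.
The sample below is constructed from the records posted in this thread.
"""
import re
from collections import Counter

SAMPLE_EVENTS = """\
[ System Events ]
Error - 18.12.2012 23:26:34 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 18.12.2012 23:26:35 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 19.12.2012 08:03:10 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 19.12.2012 08:08:29 | Computer Name = Hoschimedes | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xc70
"""

# Win32 error codes the Service Control Manager substitutes for %%N (well-known values;
# only the two that occur in the sample are listed).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}
# NTSTATUS exception codes seen in Application Error (ID 1000) records.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)


def parse_events(text):
    """Return one dict per record; wrapped description lines are joined with spaces."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"level": m["level"], "when": m["when"], "host": m["host"],
                       "source": m["source"], "id": int(m["id"]), "description": ""}
            events.append(current)
        elif current is not None and line:
            line = re.sub(r"^Description =\s*", "", line)
            current["description"] = (current["description"] + " " + line).strip()
    return events


def decode_error_codes(description):
    """Map every %%N placeholder in a description to its Win32 error name."""
    return [(int(n), WIN32_ERRORS.get(int(n), "unknown"))
            for n in re.findall(r"%%(\d+)", description)]


def exception_code(description):
    """Extract 'Ausnahmecode: 0x...' from an Application Error record, or None."""
    m = re.search(r"Ausnahmecode: 0x([0-9a-fA-F]+)", description)
    return int(m.group(1), 16) if m else None


def summarize(text):
    """Count records per (source, id) and annotate each record with decoded codes."""
    events = parse_events(text)
    counts = Counter((e["source"], e["id"]) for e in events)
    for e in events:
        e["win32"] = decode_error_codes(e["description"])
        code = exception_code(e["description"])
        e["ntstatus"] = NTSTATUS.get(code) if code is not None else None
    return events, counts


if __name__ == "__main__":
    events, counts = summarize(SAMPLE_EVENTS)
    for (source, eid), n in counts.most_common():
        print(f"{n}x {source} ID {eid}")
    for e in events:
        print(e["when"], e["source"], e["id"], e["win32"], e["ntstatus"])
```

Run on the sample, the two 7000 records decode to ERROR_FILE_NOT_FOUND for the "TBPanel" service, which is consistent with the same name still being referenced from a Run key further down the thread; the 7006 records are access-denied writes to FailureActions, and the iexplore.exe crash is an access violation. Decoding the codes is what turns a wall of repeated records into three distinct facts to check.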

Alt 19.12.2012, 14:22   #2
markusg
/// Malware-holic
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Hi
If you don't install Windows updates (Service Pack 1, for example, is missing), this kind of thing happens quickly.
Please restart and press F8,
choose Safe Mode with Networking, log in to the affected account and establish the internet connection.
You should be able to work from there.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start ComboFix.exe and follow the instructions on the screen.

When ComboFix has finished it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.

Alt 19.12.2012, 15:22   #3
jorgaeff
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Wow, I'm really stunned. I honestly didn't expect such a quick reply. Great!!

Yes, you're right about SP1, of course. Now that you mention it, I remember: I started the installation twice, but it aborted with an error message. I didn't bother with it any further and eventually forgot about it, since Windows no longer told me anything about the missing update.

That is the only important update that is missing; I just checked.

I do have a problem with safe mode, though. When I press F8 (or F5, or crash the computer while it boots) I only get the choice between "Start Windows normally" and "Launch Startup Repair".

With Startup Repair the computer starts the system startup repair, searches for problems and repairs them for about 5-10 minutes until it concludes that Startup Repair cannot repair the PC automatically (error code 0x0).

After that I can display advanced options for system recovery and support. But when I then log in to the affected account, I can only start Startup Repair again. As admin I do have more options (Startup Repair / System Restore / System Image Recovery / Windows Memory Diagnostic / Command Prompt), but that isn't what you told me to do either.

I already tried yesterday to start the computer in safe mode, but despite googling I found no way to do it. Do you have an idea? I'll search again as well.

Does it make sense to run ComboFix in normally started Windows?

Alt 19.12.2012, 15:38   #4
markusg
/// Malware-holic
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Hi,
yes, then try starting CF from normal operation
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 19.12.2012, 16:03   #5
jorgaeff
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Hello, a quick question in between: While trying to get the computer into safe mode I set it to "Sleep" and then switched it off at the power supply. Normally it doesn't like that at all. But this time it started Windows as if I were waking it from sleep mode normally (it just took longer).

Anyway, the lock screen didn't appear this time. I ran MBAM and it found the trojan. I moved it to quarantine again and restarted. The lock screen didn't appear afterwards either, and after another scan MBAM found NOTHING. That's the first time; until now it always came back.

My question now is: Should I still start CF in normal Windows?


Alt 19.12.2012, 17:30   #6
markusg
/// Malware-holic
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Did I write anything about Malwarebytes?
Either do what is written here, or I can spend my time more sensibly and not write instructions that aren't followed anyway...
If you want to continue working here, open Malwarebytes, Logs, and post all logs with detections.
Then run ComboFix

Alt 19.12.2012, 20:31   #7
jorgaeff
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Sorry, I thought it might help if I describe everything here in detail. I certainly want to continue working here.

I let MBAM scan and started CF afterwards.

MBAM found nothing. ComboFix ran fine until the restart; now, after the restart, the program can't start: as soon as it opens, it closes again. It opens several program windows diagonally below one another and then starts again at the top.

What can I do?

Here is the MBAM log file:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian_2 :: HOSCHIMEDES [limited]

19.12.2012 16:54:05
mbam-log-2012-12-19 (16-54-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187686
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I started CF again; this time it worked:

ComboFix log file:
Code:
ComboFix 12-12-19.02 - Florian 20.12.2012  12:02:35.2.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4094.2672 [GMT 1:00]
ausgeführt von:: c:\users\Florian_2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Florian_2\wgsdgsdgdsgsd.dll
c:\windows\IsUn0407.exe
c:\windows\system\msvbvm60.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp1103.tmp
c:\windows\SysWow64\tmp1133.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))
.
.
2012-12-20 11:22 . 2012-12-20 11:22	--------	d-----w-	c:\users\Florian\AppData\Local\temp
2012-12-20 11:22 . 2012-12-20 11:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-20 11:22 . 2012-12-20 11:22	--------	d-----w-	c:\users\Anja\AppData\Local\temp
2012-12-20 10:50 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3631B8A0-615B-41E2-8D4D-0C75B952650F}\mpengine.dll
2012-12-19 12:51 . 2012-12-19 19:36	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-19 12:50 . 2012-12-19 12:50	--------	d-----w-	c:\users\Florian\AppData\Local\Programs
2012-12-19 03:11 . 2012-12-19 03:11	--------	d-----w-	c:\users\Florian_2\AppData\Roaming\Malwarebytes
2012-12-19 02:27 . 2012-12-19 02:27	--------	d-----w-	c:\users\Florian\AppData\Roaming\Malwarebytes
2012-12-19 02:27 . 2012-12-19 02:27	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-19 02:27 . 2012-12-19 02:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-19 02:27 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-19 02:15 . 2012-12-19 13:01	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-12-14 21:31 . 2012-12-14 21:31	--------	d-----w-	c:\users\Anja\.seccommerce
2012-12-13 14:54 . 2012-12-13 14:54	--------	d-----w-	c:\users\Anja\AppData\Roaming\AVG2013
2012-12-13 14:54 . 2012-12-13 14:54	--------	d-----w-	c:\users\Anja\AppData\Local\Avg2013
2012-12-13 02:46 . 2012-12-13 02:46	--------	d-----w-	c:\windows\rescache
2012-12-12 23:13 . 2012-12-12 23:13	--------	d-----w-	c:\users\Florian_2\AppData\Roaming\AVG2013
2012-12-12 23:12 . 2012-12-13 12:43	--------	d-----w-	c:\users\Florian_2\AppData\Local\Avg2013
2012-12-12 23:10 . 2012-12-12 23:10	--------	d-----w-	c:\users\Florian\AppData\Roaming\AVG2013
2012-12-12 23:07 . 2012-12-12 23:07	--------	d-----w-	c:\users\Florian\AppData\Roaming\TuneUp Software
2012-12-12 23:06 . 2012-12-19 20:26	--------	d-----w-	c:\programdata\AVG2013
2012-12-12 23:04 . 2012-12-12 23:04	--------	d-----w-	c:\users\Florian\AppData\Local\MFAData
2012-12-12 23:04 . 2012-12-12 23:04	--------	d-----w-	c:\users\Florian\AppData\Local\Avg2013
2012-12-12 08:26 . 2012-11-02 05:27	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 08:26 . 2012-11-02 04:48	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-11 08:32 . 2012-09-24 22:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 02:02 . 2010-08-06 12:07	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-12 20:24 . 2012-04-06 09:54	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 20:24 . 2011-05-17 07:49	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 21:20 . 2012-11-28 12:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 12:39	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 12:39	559104	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-10 20:23 . 2012-10-10 20:23	247144	----a-w-	c:\windows\system32\nvinitx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1867112	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2011-05-21 05:01	18252136	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23	6127464	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23	2574696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23	831848	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-10-10 20:23 . 2012-10-10 20:23	202600	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-10-10 20:23 . 2012-10-10 20:23	7414632	----a-w-	c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-06-18 04:00	2731880	----a-w-	c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23	973672	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-10-10 20:23 . 2011-05-21 05:01	14922600	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23	9146728	----a-w-	c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	7697768	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23	2218344	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2010-06-18 04:00	12501352	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2010-06-18 04:00	2428776	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22	26331496	----a-w-	c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-02-09 20:43	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2010-06-18 04:00	15309160	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22	2747240	----a-w-	c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22	19906920	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22	13443944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:45 . 2012-12-12 08:27	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-09-25 22:39 . 2012-11-15 23:37	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-25 21:55 . 2012-11-15 23:37	78336	----a-w-	c:\windows\SysWow64\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-06-18 2158592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-09 3077528]
"EA Core"="i:\fussball manager 10\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"RemoteControl"="f:\power dvd 7\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="f:\power dvd 7\Language\Language.exe" [2006-12-05 54832]
"VolPanel"="f:\motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NUSB3MON"="f:\motherboard\USB 3.0\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="f:\motherboard\ASUS EPU\EPU.exe" [2010-03-16 5309056]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOM.lnk - c:\program files (x86)\Common Files\Adobe\Web\AOM.exe [2011-11-24 618496]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\logitech\SetPoint.exe [2010-8-29 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FreemakeVideoCapture;FreemakeVideoCapture;f:\freemake\CaptureLib\CaptureLibService.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-25 14120]
R3 cpuz130;cpuz130;c:\users\Florian\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-29 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-29 79360]
R3 EC168x64;EC168BDA service;c:\windows\system32\DRIVERS\EC168x64.sys [2007-09-11 132096]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;p:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-03-20 460800]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-25 714368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sisoftware sandra lite 2012.sp5c\RpcAgentSrv.exe [2008-09-05 68760]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-10 1255736]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [2008-07-09 136192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-13 248936]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-03-17 401696]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 83.169.184.161 192.168.0.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-flatster Recorder - f:\flatster recorder\flatster Recorder.exe
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Airline Tycoon - Deluxe - i:\airlin~2\UNWISE.EXE
AddRemove-Xfire - f:\spellforce 2\xfire\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,bb,2e,f0,c3,07,80,8e,3a,23,c3,84,a6,ed,5b,01,7f,06,ef,d3,7c,
   03,91,f3,51,96,de,f4,43,a4,b9,1e,02,23,1f,93,e7,a1,17,c1,bb,86,92,70,6f,a7,\
"rkeysecu"=hex:7b,1c,0e,e8,b6,ea,63,ea,ef,c5,84,b6,40,eb,04,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-20  12:23:42
ComboFix-quarantined-files.txt  2012-12-20 11:23
.
Vor Suchlauf: 2.696.409.088 Bytes frei
Nach Suchlauf: 2.508.099.584 Bytes frei
.
- - End Of File - - C43BA781E774CA19B993784F9CE8DCC2
         
--- --- ---
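Two of the files ComboFix lists under "Vorheriger Suchlauf" above, c:\programdata\dsgsdgdsgdsgw.pad and c:\users\Florian_2\wgsdgsdgdsgsd.dll, have the typical shape of lock-screen ransomware droppings: a vowel-free, keyboard-mash name in a location a limited user account can write to. The following added example (not part of this thread and not ComboFix code) parses that deletion list and the Run/RunOnce values of the "Autostartpunkte der Registrierung" section and flags entries matching that pattern. The sample text is constructed from the log posted above; the vowel-ratio and consonant-run thresholds are my own choice and are meant to surface candidates for review, not to decide anything on their own.

```python
"""Heuristic review of a ComboFix log (added example, not ComboFix code).

Reads the "Vorheriger Suchlauf" deletion list and every Run/RunOnce value from the
"Autostartpunkte der Registrierung" section and flags files that sit in a
user-writable location and carry a vowel-starved, generated-looking name.
The sample text is constructed from the log posted in this thread; the
thresholds below are this example's own assumptions.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
---- Vorheriger Suchlauf -------
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Florian_2\wgsdgsdgdsgsd.dll
c:\windows\IsUn0407.exe
c:\windows\system\msvbvm60.dll
c:\windows\SysWow64\wpcap.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-06-18 2158592]
"EA Core"="i:\fussball manager 10\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
"""

# Locations a standard (non-admin) user can write to: a dropper running in the
# limited account used in this thread lands here rather than under c:\windows.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")
VOWELS = set("aeiou")
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')


@dataclass
class Finding:
    source: str   # "deleted" or the registry key the value lives under
    path: str
    reason: str


def looks_random(filename: str) -> bool:
    """Vowel-starved stems (ratio < 0.2 or a consonant run of 6+) look generated."""
    stem = re.sub(r"\.[^.]*$", "", filename)          # drop the extension
    letters = "".join(c for c in stem.lower() if c.isalpha())
    if len(letters) < 6:                              # too short to judge; leave to the analyst
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[b-df-hj-np-tv-z]+", letters)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 6


def in_user_writable_location(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def parse_combofix(text: str):
    """Yield (source, path) for deleted files and for Run/RunOnce values."""
    section, current_key = None, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("---- Vorheriger Suchlauf"):
            section = "deleted"
        elif line.startswith("[HKEY_"):
            section, current_key = "registry", line.strip("[]")
        elif section == "deleted" and DRIVE_PATH.match(line):
            yield "deleted", line
        elif section == "registry" and current_key:
            m = REG_VALUE.match(line)
            if m and DRIVE_PATH.match(m["path"]):
                yield current_key, m["path"]


def flag_suspicious(text: str) -> list:
    """Return Findings for paths that are both user-writable and random-looking."""
    findings = []
    for source, path in parse_combofix(text):
        filename = path.rsplit("\\", 1)[-1]
        if in_user_writable_location(path) and looks_random(filename):
            findings.append(Finding(source, path, "random-looking name in user-writable location"))
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}: {f.reason}")
```

Both conditions are required on purpose: c:\windows\system\msvbvm60.dll also has a vowel-free stem, but it is a well-known runtime in a protected directory, so the location test keeps it out of the list, while the two deleted files under c:\programdata and c:\users are reported. The same check over the Run keys reports nothing here, which matches what ComboFix itself did (it removed the files but found no remaining autostart value pointing at them).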

Alt 20.12.2012, 12:41   #8
markusg
/// Malware-holic
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



Looks good.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then on Start scan
- for any detections choose Skip for now, post the log

Alt 20.12.2012, 14:37   #9
jorgaeff
 
GVU Trojaner / Trojan.Ransom.SUGen - Standard

GVU Trojaner / Trojan.Ransom.SUGen



15:32:44.0075 4192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:32:44.0371 4192 ============================================================
15:32:44.0371 4192 Current date / time: 2012/12/20 15:32:44.0371
15:32:44.0371 4192 SystemInfo:
15:32:44.0371 4192
15:32:44.0371 4192 OS Version: 6.1.7601 ServicePack: 1.0
15:32:44.0371 4192 Product type: Workstation
15:32:44.0371 4192 ComputerName: HOSCHIMEDES
15:32:44.0371 4192 UserName: Florian
15:32:44.0371 4192 Windows directory: C:\Windows
15:32:44.0371 4192 System windows directory: C:\Windows
15:32:44.0371 4192 Running under WOW64
15:32:44.0371 4192 Processor architecture: Intel x64
15:32:44.0371 4192 Number of processors: 4
15:32:44.0371 4192 Page size: 0x1000
15:32:44.0371 4192 Boot type: Normal boot
15:32:44.0371 4192 ============================================================
15:32:45.0572 4192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:45.0588 4192 ============================================================
15:32:45.0588 4192 \Device\Harddisk0\DR0:
15:32:45.0588 4192 MBR partitions:
15:32:45.0588 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:32:45.0588 4192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x61BBAF8
15:32:45.0604 4192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61EE337, BlocksNum 0x61900A1
15:32:45.0604 4192 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC37E417, BlocksNum 0x30D3C70
15:32:45.0619 4192 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xF4520CA, BlocksNum 0x30D3C6F
15:32:45.0635 4192 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x12525D7D, BlocksNum 0x61A7920
15:32:45.0666 4192 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x186CD6E3, BlocksNum 0xC34F289
15:32:45.0666 4192 \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x24A1C9AF, BlocksNum 0xC34F289
15:32:45.0682 4192 \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x30D6BC7B, BlocksNum 0xC34F289
15:32:45.0728 4192 \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0x3D0BAF47, BlocksNum 0xC34F289
15:32:45.0760 4192 \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0x4940A213, BlocksNum 0x186A241A
15:32:45.0791 4192 \Device\Harddisk0\DR0\Partition12: MBR, Type 0x7, StartLBA 0x61AAC66C, BlocksNum 0x61A3A66
15:32:45.0806 4192 \Device\Harddisk0\DR0\Partition13: MBR, Type 0x7, StartLBA 0x67C50111, BlocksNum 0xCAB58A9
15:32:45.0806 4192 ============================================================
15:32:45.0900 4192 C: <-> \Device\Harddisk0\DR0\Partition2
15:32:45.0931 4192 G: <-> \Device\Harddisk0\DR0\Partition4
15:32:45.0994 4192 J: <-> \Device\Harddisk0\DR0\Partition7
15:32:46.0087 4192 K: <-> \Device\Harddisk0\DR0\Partition8
15:32:46.0103 4192 L: <-> \Device\Harddisk0\DR0\Partition9
15:32:46.0196 4192 M: <-> \Device\Harddisk0\DR0\Partition10
15:32:46.0259 4192 N: <-> \Device\Harddisk0\DR0\Partition11
15:32:46.0352 4192 P: <-> \Device\Harddisk0\DR0\Partition13
15:32:46.0384 4192 I: <-> \Device\Harddisk0\DR0\Partition6
15:32:46.0399 4192 H: <-> \Device\Harddisk0\DR0\Partition5
15:32:46.0415 4192 F: <-> \Device\Harddisk0\DR0\Partition3
15:32:46.0586 4192 O: <-> \Device\Harddisk0\DR0\Partition12
15:32:46.0586 4192 ============================================================
15:32:46.0586 4192 Initialize success
15:32:46.0586 4192 ============================================================
15:33:00.0517 3660 ============================================================
15:33:00.0517 3660 Scan started
15:33:00.0517 3660 Mode: Manual; SigCheck; TDLFS;
15:33:00.0517 3660 ============================================================
15:33:02.0202 3660 ================ Scan system memory ========================
15:33:02.0202 3660 System memory - ok
15:33:02.0218 3660 ================ Scan services =============================
15:33:02.0389 3660 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:33:02.0467 3660 1394ohci - ok
15:33:02.0498 3660 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:33:02.0514 3660 ACPI - ok
15:33:02.0514 3660 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:33:02.0810 3660 AcpiPmi - ok
15:33:02.0888 3660 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:33:02.0904 3660 AdobeFlashPlayerUpdateSvc - ok
15:33:02.0935 3660 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:33:02.0951 3660 adp94xx - ok
15:33:02.0966 3660 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:33:02.0998 3660 adpahci - ok
15:33:03.0013 3660 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:33:03.0029 3660 adpu320 - ok
15:33:03.0060 3660 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:33:03.0091 3660 AeLookupSvc - ok
15:33:03.0122 3660 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:33:03.0154 3660 AFD - ok
15:33:03.0169 3660 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:33:03.0185 3660 agp440 - ok
15:33:03.0200 3660 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:33:03.0216 3660 ALG - ok
15:33:03.0232 3660 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:33:03.0247 3660 aliide - ok
15:33:03.0247 3660 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:33:03.0263 3660 amdide - ok
15:33:03.0278 3660 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:33:03.0356 3660 AmdK8 - ok
15:33:03.0372 3660 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:33:03.0419 3660 AmdPPM - ok
15:33:03.0466 3660 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:33:03.0497 3660 amdsata - ok
15:33:03.0512 3660 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:33:03.0528 3660 amdsbs - ok
15:33:03.0544 3660 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:33:03.0544 3660 amdxata - ok
15:33:03.0575 3660 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:33:03.0606 3660 AppID - ok
15:33:03.0637 3660 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:33:03.0668 3660 AppIDSvc - ok
15:33:03.0700 3660 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:33:03.0731 3660 Appinfo - ok
15:33:03.0778 3660 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:33:03.0793 3660 AppMgmt - ok
15:33:03.0809 3660 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:33:03.0824 3660 arc - ok
15:33:03.0824 3660 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:33:03.0840 3660 arcsas - ok
15:33:03.0902 3660 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
15:33:03.0918 3660 AsIO - ok
15:33:03.0949 3660 aspnet_state - ok
15:33:03.0965 3660 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:33:03.0996 3660 AsyncMac - ok
15:33:04.0012 3660 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:33:04.0027 3660 atapi - ok
15:33:04.0058 3660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:33:04.0090 3660 AudioEndpointBuilder - ok
15:33:04.0090 3660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:33:04.0121 3660 AudioSrv - ok
15:33:04.0464 3660 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:33:04.0526 3660 AVGIDSAgent - ok
15:33:04.0558 3660 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:33:04.0573 3660 AVGIDSDriver - ok
15:33:04.0589 3660 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
15:33:04.0604 3660 AVGIDSHA - ok
15:33:04.0620 3660 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
15:33:04.0636 3660 Avgldx64 - ok
15:33:04.0667 3660 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
15:33:04.0682 3660 Avgloga - ok
15:33:04.0698 3660 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
15:33:04.0714 3660 Avgmfx64 - ok
15:33:04.0729 3660 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
15:33:04.0745 3660 Avgrkx64 - ok
15:33:04.0760 3660 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
15:33:04.0776 3660 Avgtdia - ok
15:33:04.0807 3660 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:33:04.0807 3660 avgwd - ok
15:33:04.0870 3660 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
15:33:04.0885 3660 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
15:33:04.0885 3660 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
15:33:04.0901 3660 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
15:33:04.0932 3660 avmeject - ok
15:33:04.0963 3660 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:33:05.0026 3660 AxInstSV - ok
15:33:05.0072 3660 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:33:05.0119 3660 b06bdrv - ok
15:33:05.0150 3660 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:33:05.0197 3660 b57nd60a - ok
15:33:05.0213 3660 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:33:05.0228 3660 BDESVC - ok
15:33:05.0260 3660 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:33:05.0291 3660 Beep - ok
15:33:05.0322 3660 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:33:05.0369 3660 BFE - ok
15:33:05.0400 3660 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:33:05.0447 3660 BITS - ok
15:33:05.0462 3660 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:33:05.0478 3660 blbdrive - ok
15:33:05.0509 3660 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:33:05.0525 3660 bowser - ok
15:33:05.0540 3660 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:33:05.0603 3660 BrFiltLo - ok
15:33:05.0603 3660 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:33:05.0618 3660 BrFiltUp - ok
15:33:05.0650 3660 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:33:05.0681 3660 BridgeMP - ok
15:33:05.0712 3660 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:33:05.0728 3660 Browser - ok
15:33:05.0743 3660 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:33:05.0774 3660 Brserid - ok
15:33:05.0806 3660 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:33:05.0837 3660 BrSerWdm - ok
15:33:05.0837 3660 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:33:05.0868 3660 BrUsbMdm - ok
15:33:05.0868 3660 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:33:05.0884 3660 BrUsbSer - ok
15:33:05.0899 3660 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:33:05.0930 3660 BTHMODEM - ok
15:33:05.0962 3660 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:33:06.0024 3660 BTHPORT - ok
15:33:06.0040 3660 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:33:06.0086 3660 bthserv - ok
15:33:06.0086 3660 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:33:06.0118 3660 BTHUSB - ok
15:33:06.0149 3660 catchme - ok
15:33:06.0164 3660 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:33:06.0196 3660 cdfs - ok
15:33:06.0227 3660 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:33:06.0242 3660 cdrom - ok
15:33:06.0274 3660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:33:06.0320 3660 CertPropSvc - ok
15:33:06.0336 3660 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:33:06.0352 3660 circlass - ok
15:33:06.0367 3660 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:33:06.0383 3660 CLFS - ok
15:33:06.0414 3660 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:33:06.0414 3660 clr_optimization_v2.0.50727_32 - ok
15:33:06.0539 3660 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:33:06.0554 3660 clr_optimization_v2.0.50727_64 - ok
15:33:06.0617 3660 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:33:06.0617 3660 clr_optimization_v4.0.30319_32 - ok
15:33:06.0648 3660 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:33:06.0664 3660 clr_optimization_v4.0.30319_64 - ok
15:33:06.0679 3660 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:33:06.0695 3660 CmBatt - ok
15:33:06.0726 3660 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:33:06.0742 3660 cmdide - ok
15:33:06.0757 3660 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:33:06.0788 3660 CNG - ok
15:33:06.0804 3660 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:33:06.0820 3660 Compbatt - ok
15:33:06.0835 3660 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:33:06.0851 3660 CompositeBus - ok
15:33:06.0851 3660 COMSysApp - ok
15:33:06.0960 3660 cpuz130 - ok
15:33:06.0976 3660 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:33:06.0991 3660 crcdisk - ok
15:33:07.0022 3660 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:33:07.0038 3660 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:33:07.0038 3660 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:33:07.0054 3660 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:33:07.0069 3660 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:33:07.0069 3660 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:33:07.0132 3660 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:33:07.0147 3660 CryptSvc - ok
15:33:07.0178 3660 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:33:07.0225 3660 CSC - ok
15:33:07.0303 3660 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:33:07.0319 3660 CscService - ok
15:33:07.0381 3660 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:33:07.0412 3660 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
15:33:07.0412 3660 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
15:33:07.0475 3660 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
15:33:07.0490 3660 dc3d - ok
15:33:07.0522 3660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:33:07.0568 3660 DcomLaunch - ok
15:33:07.0584 3660 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:33:07.0615 3660 defragsvc - ok
15:33:07.0646 3660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:33:07.0678 3660 DfsC - ok
15:33:07.0709 3660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:33:07.0724 3660 Dhcp - ok
15:33:07.0740 3660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:33:07.0756 3660 discache - ok
15:33:07.0787 3660 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:33:07.0787 3660 Disk - ok
15:33:07.0818 3660 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:33:07.0834 3660 Dnscache - ok
15:33:07.0865 3660 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:33:07.0896 3660 dot3svc - ok
15:33:07.0912 3660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:33:07.0943 3660 DPS - ok
15:33:07.0974 3660 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:33:07.0990 3660 drmkaud - ok
15:33:08.0005 3660 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:33:08.0036 3660 DXGKrnl - ok
15:33:08.0052 3660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:33:08.0083 3660 EapHost - ok
15:33:08.0146 3660 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:33:08.0208 3660 ebdrv - ok
15:33:08.0224 3660 [ 629CE7287AFE06755F937B83D7806711 ] EC168x64 C:\Windows\system32\DRIVERS\EC168x64.sys
15:33:08.0255 3660 EC168x64 - ok
15:33:08.0270 3660 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:33:08.0302 3660 EFS - ok
15:33:08.0333 3660 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:33:08.0380 3660 ehRecvr - ok
15:33:08.0395 3660 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:33:08.0411 3660 ehSched - ok
15:33:08.0442 3660 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:33:08.0458 3660 elxstor - ok
15:33:08.0473 3660 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:33:08.0489 3660 ErrDev - ok
15:33:08.0504 3660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:33:08.0536 3660 EventSystem - ok
15:33:08.0536 3660 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:33:08.0567 3660 exfat - ok
15:33:08.0598 3660 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:33:08.0645 3660 fastfat - ok
15:33:08.0707 3660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:33:08.0754 3660 Fax - ok
15:33:08.0770 3660 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:33:08.0785 3660 fdc - ok
15:33:08.0801 3660 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:33:08.0832 3660 fdPHost - ok
15:33:08.0848 3660 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:33:08.0894 3660 FDResPub - ok
15:33:08.0910 3660 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:33:08.0910 3660 FileInfo - ok
15:33:08.0910 3660 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:33:08.0957 3660 Filetrace - ok
15:33:09.0222 3660 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance P:\Common\Database\bin\fbserver.exe
15:33:09.0284 3660 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
15:33:09.0284 3660 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
15:33:09.0300 3660 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:33:09.0316 3660 flpydisk - ok
15:33:09.0331 3660 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:33:09.0347 3660 FltMgr - ok
15:33:09.0440 3660 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:33:09.0472 3660 FontCache - ok
15:33:09.0518 3660 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:33:09.0534 3660 FontCache3.0.0.0 - ok
15:33:09.0550 3660 FreemakeVideoCapture - ok
15:33:09.0565 3660 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:33:09.0565 3660 FsDepends - ok
15:33:09.0581 3660 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:33:09.0596 3660 Fs_Rec - ok
15:33:09.0612 3660 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:33:09.0628 3660 fvevol - ok
15:33:09.0690 3660 [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
15:33:09.0737 3660 FWLANUSB - ok
15:33:09.0784 3660 [ 15585492E45E2F30768B2D5B57929D99 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys
15:33:09.0815 3660 fwlanusbn - ok
15:33:09.0815 3660 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:33:09.0830 3660 gagp30kx - ok
15:33:09.0862 3660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:33:09.0893 3660 gpsvc - ok
15:33:09.0908 3660 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:33:09.0940 3660 hcw85cir - ok
15:33:09.0971 3660 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:33:10.0002 3660 HdAudAddService - ok
15:33:10.0033 3660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:33:10.0049 3660 HDAudBus - ok
15:33:10.0064 3660 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:33:10.0080 3660 HidBatt - ok
15:33:10.0096 3660 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:33:10.0127 3660 HidBth - ok
15:33:10.0142 3660 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:33:10.0158 3660 HidIr - ok
15:33:10.0158 3660 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:33:10.0189 3660 hidserv - ok
15:33:10.0220 3660 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:33:10.0220 3660 HidUsb - ok
15:33:10.0252 3660 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:33:10.0283 3660 hkmsvc - ok
15:33:10.0298 3660 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:33:10.0330 3660 HomeGroupListener - ok
15:33:10.0345 3660 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:33:10.0376 3660 HomeGroupProvider - ok
15:33:10.0392 3660 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:33:10.0408 3660 HpSAMD - ok
15:33:10.0423 3660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:33:10.0454 3660 HTTP - ok
15:33:10.0486 3660 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:33:10.0486 3660 hwpolicy - ok
15:33:10.0517 3660 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:33:10.0532 3660 i8042prt - ok
15:33:10.0564 3660 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:33:10.0579 3660 iaStorV - ok
15:33:10.0657 3660 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:33:10.0673 3660 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:33:10.0673 3660 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:33:10.0766 3660 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:33:10.0798 3660 idsvc - ok
15:33:10.0813 3660 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:33:10.0829 3660 iirsp - ok
15:33:10.0907 3660 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:33:10.0938 3660 IKEEXT - ok
15:33:10.0985 3660 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:33:10.0985 3660 intelide - ok
15:33:11.0000 3660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:33:11.0032 3660 intelppm - ok
15:33:11.0063 3660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:33:11.0094 3660 IPBusEnum - ok
15:33:11.0110 3660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:33:11.0141 3660 IpFilterDriver - ok
15:33:11.0188 3660 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:33:11.0219 3660 iphlpsvc - ok
15:33:11.0250 3660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:33:11.0266 3660 IPMIDRV - ok
15:33:11.0297 3660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:33:11.0344 3660 IPNAT - ok
15:33:11.0359 3660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:33:11.0406 3660 IRENUM - ok
15:33:11.0422 3660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:33:11.0437 3660 isapnp - ok
15:33:11.0453 3660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:33:11.0468 3660 iScsiPrt - ok
15:33:11.0500 3660 [ 75DDB94A2A24F9F7037D10A2DDA06D36 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
15:33:11.0515 3660 JRAID - ok
15:33:11.0531 3660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:33:11.0546 3660 kbdclass - ok
15:33:11.0578 3660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:33:11.0593 3660 kbdhid - ok
15:33:11.0609 3660 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:33:11.0624 3660 KeyIso - ok
15:33:11.0671 3660 [ DB449F50E5141458EB58E64FFAC4863F ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
15:33:11.0687 3660 kl1 - ok
15:33:11.0702 3660 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:33:11.0702 3660 KSecDD - ok
15:33:11.0749 3660 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:33:11.0749 3660 KSecPkg - ok
15:33:11.0780 3660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:33:11.0827 3660 ksthunk - ok
15:33:11.0843 3660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:33:11.0905 3660 KtmRm - ok
15:33:11.0936 3660 [ F33C5D79D3273530E1892A0922283A7B ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
15:33:11.0952 3660 L8042Kbd - ok
15:33:11.0983 3660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:33:12.0014 3660 LanmanServer - ok
15:33:12.0046 3660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:33:12.0061 3660 LanmanWorkstation - ok
15:33:12.0092 3660 Lavasoft Kernexplorer - ok
15:33:12.0108 3660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:33:12.0139 3660 lltdio - ok
15:33:12.0170 3660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:33:12.0202 3660 lltdsvc - ok
15:33:12.0217 3660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:33:12.0248 3660 lmhosts - ok
15:33:12.0264 3660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:33:12.0280 3660 LSI_FC - ok
15:33:12.0295 3660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:33:12.0311 3660 LSI_SAS - ok
15:33:12.0311 3660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:33:12.0326 3660 LSI_SAS2 - ok
15:33:12.0326 3660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:33:12.0342 3660 LSI_SCSI - ok
15:33:12.0358 3660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:33:12.0389 3660 luafv - ok
15:33:12.0420 3660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:33:12.0451 3660 Mcx2Svc - ok
15:33:12.0451 3660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:33:12.0467 3660 megasas - ok
15:33:12.0482 3660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:33:12.0498 3660 MegaSR - ok
15:33:12.0498 3660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:33:12.0545 3660 MMCSS - ok
15:33:12.0560 3660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:33:12.0592 3660 Modem - ok
15:33:12.0607 3660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:33:12.0623 3660 monitor - ok
15:33:12.0654 3660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:33:12.0670 3660 mouclass - ok
15:33:12.0685 3660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:33:12.0701 3660 mouhid - ok
15:33:12.0732 3660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:33:12.0732 3660 mountmgr - ok
15:33:12.0763 3660 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:33:12.0779 3660 MozillaMaintenance - ok
15:33:12.0810 3660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:33:12.0826 3660 mpio - ok
15:33:12.0841 3660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:33:12.0857 3660 mpsdrv - ok
15:33:12.0888 3660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:33:12.0919 3660 MpsSvc - ok
15:33:12.0950 3660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:33:12.0966 3660 MRxDAV - ok
15:33:12.0997 3660 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:33:13.0028 3660 mrxsmb - ok
15:33:13.0044 3660 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:33:13.0044 3660 mrxsmb10 - ok
15:33:13.0060 3660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:33:13.0075 3660 mrxsmb20 - ok
15:33:13.0091 3660 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:33:13.0106 3660 msahci - ok
15:33:13.0122 3660 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:33:13.0138 3660 msdsm - ok
15:33:13.0153 3660 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:33:13.0169 3660 MSDTC - ok
15:33:13.0184 3660 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:33:13.0216 3660 Msfs - ok
15:33:13.0231 3660 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:33:13.0262 3660 mshidkmdf - ok
15:33:13.0294 3660 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:33:13.0294 3660 msisadrv - ok
15:33:13.0309 3660 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:33:13.0356 3660 MSiSCSI - ok
15:33:13.0356 3660 msiserver - ok
15:33:13.0372 3660 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:33:13.0403 3660 MSKSSRV - ok
15:33:13.0403 3660 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:33:13.0450 3660 MSPCLOCK - ok
15:33:13.0465 3660 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:33:13.0512 3660 MSPQM - ok
15:33:13.0528 3660 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:33:13.0528 3660 MsRPC - ok
15:33:13.0559 3660 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:33:13.0574 3660 mssmbios - ok
15:33:13.0574 3660 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:33:13.0606 3660 MSTEE - ok
15:33:13.0606 3660 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:33:13.0621 3660 MTConfig - ok
15:33:13.0652 3660 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:33:13.0652 3660 MTsensor - ok
15:33:13.0668 3660 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:33:13.0668 3660 Mup - ok
15:33:13.0715 3660 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:33:13.0746 3660 napagent - ok
15:33:13.0777 3660 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:33:13.0793 3660 NativeWifiP - ok
15:33:13.0824 3660 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:33:13.0840 3660 NDIS - ok
15:33:13.0840 3660 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:33:13.0871 3660 NdisCap - ok
15:33:13.0886 3660 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:33:13.0918 3660 NdisTapi - ok
15:33:13.0933 3660 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:33:13.0964 3660 Ndisuio - ok
15:33:13.0980 3660 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:33:14.0027 3660 NdisWan - ok
15:33:14.0042 3660 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:33:14.0074 3660 NDProxy - ok
15:33:14.0089 3660 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:33:14.0120 3660 NetBIOS - ok
15:33:14.0120 3660 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:33:14.0152 3660 NetBT - ok
15:33:14.0167 3660 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:33:14.0167 3660 Netlogon - ok
15:33:14.0198 3660 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:33:14.0245 3660 Netman - ok
15:33:14.0245 3660 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:33:14.0276 3660 netprofm - ok
15:33:14.0308 3660 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:33:14.0323 3660 NetTcpPortSharing - ok
15:33:14.0339 3660 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:33:14.0354 3660 nfrd960 - ok
15:33:14.0370 3660 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:33:14.0401 3660 NlaSvc - ok
15:33:14.0510 3660 [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
15:33:14.0542 3660 NMIndexingService - ok
15:33:14.0557 3660 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:33:14.0588 3660 Npfs - ok
15:33:14.0620 3660 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:33:14.0651 3660 nsi - ok
15:33:14.0666 3660 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:33:14.0698 3660 nsiproxy - ok
15:33:14.0729 3660 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:33:14.0760 3660 Ntfs - ok
15:33:14.0776 3660 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:33:14.0791 3660 Null - ok
15:33:14.0822 3660 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:33:14.0854 3660 nusb3hub - ok
15:33:14.0869 3660 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:33:14.0900 3660 nusb3xhc - ok
15:33:14.0932 3660 [ A842341EF3C702EF8208E610BE0FD1D9 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:33:14.0947 3660 NVHDA - ok
15:33:15.0275 3660 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:33:15.0415 3660 nvlddmkm - ok
15:33:15.0493 3660 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:33:15.0524 3660 nvraid - ok
15:33:15.0540 3660 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:33:15.0556 3660 nvstor - ok
15:33:15.0571 3660 [ 1B3524DF1C5977122D09F531ED98D0B3 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:33:15.0587 3660 nvsvc - ok
15:33:15.0618 3660 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:33:15.0634 3660 nv_agp - ok
15:33:15.0665 3660 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:33:15.0696 3660 ohci1394 - ok
15:33:15.0712 3660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:33:15.0743 3660 p2pimsvc - ok
15:33:15.0758 3660 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:33:15.0774 3660 p2psvc - ok
15:33:15.0790 3660 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:33:15.0821 3660 Parport - ok
15:33:15.0836 3660 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:33:15.0852 3660 partmgr - ok
15:33:15.0852 3660 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:33:15.0883 3660 PcaSvc - ok
15:33:15.0899 3660 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:33:15.0899 3660 pci - ok
15:33:15.0930 3660 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:33:15.0930 3660 pciide - ok
15:33:15.0946 3660 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:33:15.0961 3660 pcmcia - ok
15:33:15.0977 3660 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:33:15.0977 3660 pcw - ok
15:33:16.0008 3660 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:33:16.0055 3660 PEAUTH - ok
15:33:16.0102 3660 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:33:16.0133 3660 PeerDistSvc - ok
15:33:16.0195 3660 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:33:16.0211 3660 PerfHost - ok
15:33:16.0258 3660 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:33:16.0289 3660 pla - ok
15:33:16.0336 3660 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:33:16.0351 3660 PlugPlay - ok
15:33:16.0367 3660 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:33:16.0382 3660 PNRPAutoReg - ok
15:33:16.0382 3660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:33:16.0398 3660 PNRPsvc - ok
15:33:16.0429 3660 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
15:33:16.0445 3660 Point64 - ok
15:33:16.0460 3660 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:33:16.0492 3660 PolicyAgent - ok
15:33:16.0523 3660 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:33:16.0554 3660 Power - ok
15:33:16.0570 3660 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:33:16.0601 3660 PptpMiniport - ok
15:33:16.0601 3660 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:33:16.0632 3660 Processor - ok
15:33:16.0648 3660 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:33:16.0679 3660 ProfSvc - ok
15:33:16.0694 3660 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:33:16.0694 3660 ProtectedStorage - ok
15:33:16.0726 3660 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:33:16.0757 3660 Psched - ok
15:33:16.0788 3660 [ FF40216A382B30CC39372B889AE1F785 ] pwdrvio C:\Windows\system32\pwdrvio.sys
15:33:16.0804 3660 pwdrvio - ok
15:33:16.0819 3660 [ BD08A9CDF23502B1C141D52D9D6A6648 ] pwdspio C:\Windows\system32\pwdspio.sys
15:33:16.0850 3660 pwdspio - ok
15:33:16.0882 3660 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:33:16.0913 3660 ql2300 - ok
15:33:16.0944 3660 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:33:16.0960 3660 ql40xx - ok
15:33:16.0975 3660 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:33:16.0991 3660 QWAVE - ok
15:33:16.0991 3660 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:33:17.0022 3660 QWAVEdrv - ok
15:33:17.0022 3660 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:33:17.0053 3660 RasAcd - ok
15:33:17.0069 3660 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:33:17.0100 3660 RasAgileVpn - ok
15:33:17.0116 3660 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:33:17.0131 3660 RasAuto - ok
15:33:17.0147 3660 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:17.0178 3660 Rasl2tp - ok
15:33:17.0209 3660 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:33:17.0256 3660 RasMan - ok
15:33:17.0256 3660 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:17.0303 3660 RasPppoe - ok
15:33:17.0318 3660 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:33:17.0350 3660 RasSstp - ok
15:33:17.0365 3660 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:33:17.0396 3660 rdbss - ok
15:33:17.0412 3660 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:33:17.0428 3660 rdpbus - ok
15:33:17.0443 3660 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:17.0459 3660 RDPCDD - ok
15:33:17.0490 3660 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:33:17.0506 3660 RDPDR - ok
15:33:17.0521 3660 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:33:17.0552 3660 RDPENCDD - ok
15:33:17.0568 3660 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:33:17.0584 3660 RDPREFMP - ok
15:33:17.0599 3660 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:33:17.0646 3660 RDPWD - ok
15:33:17.0677 3660 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:33:17.0693 3660 rdyboost - ok
15:33:17.0724 3660 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:33:17.0755 3660 RemoteAccess - ok
15:33:17.0771 3660 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:33:17.0802 3660 RemoteRegistry - ok
15:33:17.0849 3660 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:33:17.0864 3660 RichVideo ( UnsignedFile.Multi.Generic ) - warning
15:33:17.0864 3660 RichVideo - detected UnsignedFile.Multi.Generic (1)
15:33:17.0880 3660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:33:17.0911 3660 RpcEptMapper - ok
15:33:17.0942 3660 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:33:17.0942 3660 RpcLocator - ok
15:33:17.0974 3660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:33:18.0005 3660 RpcSs - ok
15:33:18.0005 3660 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:33:18.0036 3660 rspndr - ok
15:33:18.0052 3660 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:33:18.0083 3660 s3cap - ok
15:33:18.0098 3660 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:33:18.0098 3660 SamSs - ok
15:33:18.0239 3660 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA F:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys
15:33:18.0254 3660 SANDRA - ok
15:33:18.0270 3660 [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv F:\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
15:33:18.0286 3660 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
15:33:18.0286 3660 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
15:33:18.0301 3660 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:33:18.0317 3660 sbp2port - ok
15:33:18.0332 3660 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:33:18.0364 3660 SCardSvr - ok
15:33:18.0395 3660 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:33:18.0426 3660 scfilter - ok
15:33:18.0457 3660 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:33:18.0488 3660 Schedule - ok
15:33:18.0520 3660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:33:18.0535 3660 SCPolicySvc - ok
15:33:18.0582 3660 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:33:18.0598 3660 SDRSVC - ok
15:33:18.0629 3660 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:33:18.0660 3660 secdrv - ok
15:33:18.0676 3660 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:33:18.0707 3660 seclogon - ok
15:33:18.0738 3660 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:33:18.0754 3660 SENS - ok
15:33:18.0769 3660 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:33:18.0816 3660 SensrSvc - ok
15:33:18.0816 3660 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:33:18.0832 3660 Serenum - ok
15:33:18.0847 3660 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:33:18.0878 3660 Serial - ok
15:33:18.0894 3660 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:33:18.0910 3660 sermouse - ok
15:33:18.0925 3660 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:33:18.0956 3660 SessionEnv - ok
15:33:18.0988 3660 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:33:19.0019 3660 sffdisk - ok
15:33:19.0034 3660 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:33:19.0066 3660 sffp_mmc - ok
15:33:19.0066 3660 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:33:19.0081 3660 sffp_sd - ok
15:33:19.0097 3660 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:33:19.0097 3660 sfloppy - ok
15:33:19.0144 3660 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:33:19.0159 3660 SharedAccess - ok
15:33:19.0190 3660 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:33:19.0206 3660 ShellHWDetection - ok
15:33:19.0237 3660 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:33:19.0253 3660 SiSRaid2 - ok
15:33:19.0253 3660 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:33:19.0268 3660 SiSRaid4 - ok
15:33:19.0284 3660 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:33:19.0315 3660 Smb - ok
15:33:19.0331 3660 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:33:19.0331 3660 SNMPTRAP - ok
15:33:19.0378 3660 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
15:33:19.0409 3660 Sony Ericsson PCCompanion - ok
15:33:19.0424 3660 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:33:19.0440 3660 spldr - ok
15:33:19.0456 3660 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:33:19.0487 3660 Spooler - ok
15:33:19.0580 3660 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:33:19.0627 3660 sppsvc - ok
15:33:19.0643 3660 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:33:19.0674 3660 sppuinotify - ok
15:33:19.0705 3660 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:33:19.0721 3660 srv - ok
15:33:19.0736 3660 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:33:19.0752 3660 srv2 - ok
15:33:19.0768 3660 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:33:19.0783 3660 srvnet - ok
15:33:19.0814 3660 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:33:19.0830 3660 SSDPSRV - ok
15:33:19.0846 3660 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:33:19.0861 3660 SstpSvc - ok
15:33:20.0002 3660 [ 108F1BE5B024E5FA0B8801E5B9F5288B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:33:20.0002 3660 Stereo Service - ok
15:33:20.0033 3660 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:33:20.0048 3660 stexstor - ok
15:33:20.0080 3660 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:33:20.0111 3660 stisvc - ok
15:33:20.0126 3660 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:33:20.0142 3660 storflt - ok
15:33:20.0158 3660 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:33:20.0204 3660 StorSvc - ok
15:33:20.0220 3660 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:33:20.0236 3660 storvsc - ok
15:33:20.0267 3660 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:33:20.0282 3660 swenum - ok
15:33:20.0314 3660 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:33:20.0345 3660 swprv - ok
15:33:20.0423 3660 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:33:20.0454 3660 SysMain - ok
15:33:20.0470 3660 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:33:20.0501 3660 TabletInputService - ok
15:33:20.0516 3660 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:33:20.0548 3660 TapiSrv - ok
15:33:20.0548 3660 TBPanel - ok
15:33:20.0579 3660 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:33:20.0594 3660 TBS - ok
15:33:20.0641 3660 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:33:20.0672 3660 Tcpip - ok
15:33:20.0704 3660 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:33:20.0735 3660 TCPIP6 - ok
15:33:20.0750 3660 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:33:20.0782 3660 tcpipreg - ok
15:33:20.0813 3660 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:33:20.0844 3660 TDPIPE - ok
15:33:20.0875 3660 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:33:20.0891 3660 TDTCP - ok
15:33:20.0922 3660 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:33:20.0953 3660 tdx - ok
15:33:20.0984 3660 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:33:21.0000 3660 TermDD - ok
15:33:21.0031 3660 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:33:21.0062 3660 TermService - ok
15:33:21.0078 3660 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:33:21.0094 3660 Themes - ok
15:33:21.0140 3660 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:33:21.0156 3660 THREADORDER - ok
15:33:21.0172 3660 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:33:21.0218 3660 TrkWks - ok
15:33:21.0265 3660 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:33:21.0312 3660 TrustedInstaller - ok
15:33:21.0343 3660 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:33:21.0374 3660 tssecsrv - ok
15:33:21.0390 3660 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:33:21.0421 3660 TsUsbFlt - ok
15:33:21.0468 3660 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:33:21.0499 3660 tunnel - ok
15:33:21.0499 3660 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:33:21.0515 3660 uagp35 - ok
15:33:21.0546 3660 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:33:21.0593 3660 udfs - ok
15:33:21.0624 3660 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:33:21.0624 3660 UI0Detect - ok
15:33:21.0655 3660 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:33:21.0671 3660 uliagpkx - ok
15:33:21.0702 3660 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:33:21.0718 3660 umbus - ok
15:33:21.0718 3660 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:33:21.0733 3660 UmPass - ok
15:33:21.0749 3660 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:33:21.0780 3660 UmRdpService - ok
15:33:21.0796 3660 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:33:21.0827 3660 upnphost - ok
15:33:21.0889 3660 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
15:33:21.0936 3660 UPnPService ( UnsignedFile.Multi.Generic ) - warning
15:33:21.0936 3660 UPnPService - detected UnsignedFile.Multi.Generic (1)
15:33:21.0952 3660 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:33:21.0967 3660 usbaudio - ok
15:33:21.0983 3660 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
15:33:22.0014 3660 usbccgp - ok
15:33:22.0030 3660 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:33:22.0045 3660 usbcir - ok
15:33:22.0061 3660 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:33:22.0092 3660 usbehci - ok
15:33:22.0139 3660 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:33:22.0154 3660 usbhub - ok
15:33:22.0170 3660 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:33:22.0201 3660 usbohci - ok
15:33:22.0232 3660 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:33:22.0248 3660 usbprint - ok
15:33:22.0264 3660 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
15:33:22.0295 3660 USBSTOR - ok
15:33:22.0310 3660 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:33:22.0326 3660 usbuhci - ok
15:33:22.0342 3660 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:33:22.0373 3660 UxSms - ok
15:33:22.0388 3660 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:33:22.0388 3660 VaultSvc - ok
15:33:22.0404 3660 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:33:22.0404 3660 vdrvroot - ok
15:33:22.0435 3660 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:33:22.0482 3660 vds - ok
15:33:22.0498 3660 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:22.0513 3660 vga - ok
15:33:22.0529 3660 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:33:22.0560 3660 VgaSave - ok
15:33:22.0622 3660 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:33:22.0654 3660 vhdmp - ok
15:33:22.0685 3660 [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:33:22.0732 3660 VIAHdAudAddService - ok
15:33:22.0747 3660 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:33:22.0763 3660 viaide - ok
15:33:22.0794 3660 [ D0F2587ACA932D5C1BC0F949CB76EBB1 ] viamrx64 C:\Windows\system32\DRIVERS\viamrx64.sys
15:33:22.0825 3660 viamrx64 - ok
15:33:22.0856 3660 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:33:22.0872 3660 vmbus - ok
15:33:22.0888 3660 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:33:22.0903 3660 VMBusHID - ok
15:33:22.0919 3660 [ 754C8BF43F0DD4B54865F174A62761E9 ] VMfilt C:\Windows\system32\drivers\VMfilt64.sys
15:33:22.0934 3660 VMfilt - ok
15:33:22.0966 3660 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:33:22.0966 3660 volmgr - ok
15:33:22.0997 3660 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:33:23.0012 3660 volmgrx - ok
15:33:23.0044 3660 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:33:23.0059 3660 volsnap - ok
15:33:23.0106 3660 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
15:33:23.0122 3660 vpcbus - ok
15:33:23.0153 3660 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:33:23.0168 3660 vpcnfltr - ok
15:33:23.0200 3660 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
15:33:23.0231 3660 vpcusb - ok
15:33:23.0246 3660 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
15:33:23.0262 3660 vpcvmm - ok
15:33:23.0293 3660 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:33:23.0293 3660 vsmraid - ok
15:33:23.0340 3660 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:33:23.0371 3660 VSS - ok
15:33:23.0387 3660 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:33:23.0402 3660 vwifibus - ok
15:33:23.0434 3660 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:33:23.0465 3660 W32Time - ok
15:33:23.0465 3660 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:33:23.0496 3660 WacomPen - ok
15:33:23.0527 3660 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:33:23.0558 3660 WANARP - ok
15:33:23.0558 3660 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:33:23.0590 3660 Wanarpv6 - ok
15:33:23.0621 3660 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:33:23.0761 3660 WatAdminSvc - ok
15:33:23.0777 3660 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:33:23.0808 3660 wbengine - ok
15:33:23.0824 3660 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:33:23.0839 3660 WbioSrvc - ok
15:33:23.0933 3660 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:33:23.0948 3660 wcncsvc - ok
15:33:23.0964 3660 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:33:23.0980 3660 WcsPlugInService - ok
15:33:23.0980 3660 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:33:23.0995 3660 Wd - ok
15:33:24.0026 3660 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:33:24.0042 3660 Wdf01000 - ok
15:33:24.0073 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:33:24.0151 3660 WdiServiceHost - ok
15:33:24.0151 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:33:24.0167 3660 WdiSystemHost - ok
15:33:24.0182 3660 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:33:24.0214 3660 WebClient - ok
15:33:24.0229 3660 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:33:24.0260 3660 Wecsvc - ok
15:33:24.0276 3660 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:33:24.0307 3660 wercplsupport - ok
15:33:24.0338 3660 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:33:24.0370 3660 WerSvc - ok
15:33:24.0370 3660 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:33:24.0401 3660 WfpLwf - ok
15:33:24.0401 3660 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:33:24.0416 3660 WIMMount - ok
15:33:24.0432 3660 WinDefend - ok
15:33:24.0448 3660 WinHttpAutoProxySvc - ok
15:33:24.0557 3660 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:33:24.0588 3660 Winmgmt - ok
15:33:24.0775 3660 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:33:24.0806 3660 WinRM - ok
15:33:24.0900 3660 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:33:24.0916 3660 WinUsb - ok
15:33:24.0978 3660 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:33:25.0009 3660 Wlansvc - ok
15:33:25.0025 3660 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:33:25.0040 3660 WmiAcpi - ok
15:33:25.0056 3660 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:33:25.0072 3660 wmiApSrv - ok
15:33:25.0087 3660 WMPNetworkSvc - ok
15:33:25.0103 3660 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:33:25.0118 3660 WPCSvc - ok
15:33:25.0134 3660 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:33:25.0150 3660 WPDBusEnum - ok
15:33:25.0165 3660 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:33:25.0196 3660 ws2ifsl - ok
15:33:25.0196 3660 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:33:25.0228 3660 wscsvc - ok
15:33:25.0243 3660 WSearch - ok
15:33:25.0290 3660 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:33:25.0321 3660 wuauserv - ok
15:33:25.0337 3660 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:33:25.0368 3660 WudfPf - ok
15:33:25.0399 3660 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:25.0415 3660 WUDFRd - ok
15:33:25.0446 3660 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:33:25.0462 3660 wudfsvc - ok
15:33:25.0477 3660 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:33:25.0508 3660 WwanSvc - ok
15:33:25.0540 3660 [ B2818BFAB7817F7E7EE886F58B15B35C ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:33:25.0555 3660 yukonw7 - ok
15:33:25.0586 3660 ================ Scan global ===============================
15:33:25.0602 3660 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:33:25.0618 3660 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:33:25.0633 3660 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
15:33:25.0649 3660 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:33:25.0664 3660 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:33:25.0664 3660 [Global] - ok
15:33:25.0664 3660 ================ Scan MBR ==================================
15:33:25.0680 3660 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:33:26.0351 3660 \Device\Harddisk0\DR0 - ok
15:33:26.0351 3660 ================ Scan VBR ==================================
15:33:26.0351 3660 [ E7E89D2A50F1F6ACEF18A87BC4F577C1 ] \Device\Harddisk0\DR0\Partition1
15:33:26.0351 3660 \Device\Harddisk0\DR0\Partition1 - ok
15:33:26.0366 3660 [ CDEF80CB8B38FF13989F4CC5932A1E86 ] \Device\Harddisk0\DR0\Partition2
15:33:26.0413 3660 \Device\Harddisk0\DR0\Partition2 - ok
15:33:26.0413 3660 [ A74E2E55B2E1FF25D7C64C607F0E0293 ] \Device\Harddisk0\DR0\Partition3
15:33:26.0413 3660 \Device\Harddisk0\DR0\Partition3 - ok
15:33:26.0429 3660 [ 889EFDC2C5C4EC00FAB7426E45AEB593 ] \Device\Harddisk0\DR0\Partition4
15:33:26.0429 3660 \Device\Harddisk0\DR0\Partition4 - ok
15:33:26.0429 3660 [ A73D637513E9652EE921D1CBABF61E97 ] \Device\Harddisk0\DR0\Partition5
15:33:26.0429 3660 \Device\Harddisk0\DR0\Partition5 - ok
15:33:26.0444 3660 [ 2886C362BCE53B3032060B4A1E20080C ] \Device\Harddisk0\DR0\Partition6
15:33:26.0444 3660 \Device\Harddisk0\DR0\Partition6 - ok
15:33:26.0460 3660 [ D3826172DB18351CCBB772558FA916EB ] \Device\Harddisk0\DR0\Partition7
15:33:26.0460 3660 \Device\Harddisk0\DR0\Partition7 - ok
15:33:26.0476 3660 [ 0DDA0434830F25233731320D7881BBF5 ] \Device\Harddisk0\DR0\Partition8
15:33:26.0491 3660 \Device\Harddisk0\DR0\Partition8 - ok
15:33:26.0507 3660 [ 18D225BCF9B8981F8772B3CF4636C0D0 ] \Device\Harddisk0\DR0\Partition9
15:33:26.0507 3660 \Device\Harddisk0\DR0\Partition9 - ok
15:33:26.0522 3660 [ 203E3BD0E80F61B823628712BB96E955 ] \Device\Harddisk0\DR0\Partition10
15:33:26.0522 3660 \Device\Harddisk0\DR0\Partition10 - ok
15:33:26.0538 3660 [ CECEE868FC7B0AF211A82434B434257B ] \Device\Harddisk0\DR0\Partition11
15:33:26.0538 3660 \Device\Harddisk0\DR0\Partition11 - ok
15:33:26.0554 3660 [ FF873654AE1D8561DACE605029443F49 ] \Device\Harddisk0\DR0\Partition12
15:33:26.0585 3660 \Device\Harddisk0\DR0\Partition12 - ok
15:33:26.0616 3660 [ DD10F9B4FB7D7616EC5DE627B92AB2A0 ] \Device\Harddisk0\DR0\Partition13
15:33:26.0632 3660 \Device\Harddisk0\DR0\Partition13 - ok
15:33:26.0632 3660 ============================================================
15:33:26.0632 3660 Scan finished
15:33:26.0632 3660 ============================================================
15:33:26.0632 1192 Detected object count: 9
15:33:26.0632 1192 Actual detected object count: 9
15:33:45.0554 1192 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0554 1192 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0554 1192 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:45.0570 1192 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:45.0570 1192 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Old 20.12.2012, 15:16   #10
markusg
/// Malware-holic

Hi,
download CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
if CCleaner is already installed, skip this.
install, open, Extras, list of installed programs, save as txt. open it.
after every program you need, write necessary.
after every one you don't need, unnecessary.
after the ones unknown to you, unknown.
post the list.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 20.12.2012, 19:41   #11
jorgaeff

I can't find the menu item "Extras", but under Tools > Uninstall all installed programs are listed:

1.36 Freshworx GmbH & Co.KG 05.04.2011 NECESSARY
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00 MB 11.5.502.135 NECESSARY
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00 MB 11.5.502.135 NECESSARY
Adobe Photoshop 6.0 Adobe Systems, Inc. 24.11.2011 6.0 NECESSARY
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 17.08.2012 148 MB 9.5.2 NECESSARY
Adobe SVG Viewer Adobe Systems, Inc. 24.11.2011 1.0 UNKNOWN
Airline Tycoon - Deluxe Spellbound Entertainment AG 19.10.2011 NECESSARY
Ant Renamer Ant Software 27.08.2010 2.10.0 NECESSARY
Audacity 1.2.6 17.04.2011 NECESSARY
AVG 2013 AVG Technologies 20.12.2012 2013.0.2805 NECESSARY
AVM FRITZ!WLAN AVM Berlin 04.08.2010 NECESSARY
BayWotch v4.2.4 Elmar Denkmann 11.02.2011 17,7 MB NECESSARY
Canon Easy-WebPrint EX 22.12.2010 NECESSARY
Canon IJ Network Scan Utility 22.12.2010 NECESSARY
Canon IJ Network Tool 22.12.2010 NECESSARY
Canon Inkjet Printer Driver Add-On Module 06.08.2010 NECESSARY
Canon Kurzwahlprogramm 22.12.2010 UNKNOWN
Canon MP Navigator EX 3.1 22.12.2010 UNKNOWN
Canon MX870 series Benutzerregistrierung 22.12.2010 NECESSARY
Canon MX870 series MP Drivers 22.12.2010 NECESSARY
Canon Utilities My Printer 22.12.2010 UNNECESSARY
Canon Utilities Solution Menu 22.12.2010 UNNECESSARY
CCleaner Piriform 25.11.2012 3.25 NECESSARY
Command & Conquer 3 Ihr Firmenname 22.09.2010 13,1 GB 1.00.0000 NECESSARY
Der Herr der Ringe Online v03.03.05.8039 Turbine, Inc. 09.10.2011 03.03.05.8039 NECESSARY
DHTML Editing Component Microsoft Corporation 06.08.2010 554 KB 6.02.0001 UNKNOWN
Download Updater (AOL LLC) 17.09.2011 UNKNOWN
Drakensang dtp 01.01.2012 NECESSARY
Drakensang Online 22.07.2012 NECESSARY
DVBT Lestina 21.01.2011 v1.0.0 UNNECESSARY
DVBT Driver 21.01.2011 572 KB 1.1.3.1 UNNECESSARY
EA Download Manager Electronic Arts, Inc. 09.08.2012 5.1.0.4 NECESSARY
EPU 29.08.2010 1.02.20 UNKNOWN
FileZilla Client 3.3.3 04.08.2010 3.3.3 NECESSARY
Firebird SQL Server - MAGIX Edition MAGIX AG 03.02.2011 2.0.1.13 UNNECESSARY
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 02.04.2011 10,6 MB NECESSARY
Free YouTube to MP3 Converter version 3.11.31.916 DVDVideoSoft Ltd. 17.09.2012 60,8 MB 3.11.31.916 NECESSARY
FUSSBALL MANAGER 10 Electronic Arts 09.08.2012 2.0.0.7 NECESSARY
Futuremark SystemInfo Futuremark Corporation 11.08.2010 3.21.2.1 UNKNOWN
Java 7 Update 9 Oracle 20.09.2012 128 MB 7.0.90 NECESSARY
JavaFX 2.1.1 Oracle Corporation 22.07.2012 20,8 MB 2.1.1 NECESSARY
JMicron JMB36X Driver JMicron Technology Corp. 30.08.2010 1.00.0000 NECESSARY
Logitech SetPoint Logitech 30.08.2010 17,0 KB 4.80 NECESSARY
MAGIX Goya burnR 1.3.1.3 (D) MAGIX AG 03.02.2011 1.3.1.3 UNNECESSARY
MAGIX Music Maker 15 Premium 15.0.1.8 (D) MAGIX AG 03.02.2011 15.0.1.8 NECESSARY
MAGIX Screenshare 4.3.6.1987 (D) MAGIX AG 03.02.2011 4.3.6.1987 UNNECESSARY
MainConceptDemoCodecs Kummert GmbH 08.08.2011 3,96 MB 1.00.0000 UNKNOWN
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 19.12.2012 19,4 MB 1.65.1.1000 NECESSARY
Microsoft .NET Framework 1.1 09.10.2011 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.09.2010 38,8 MB 4.0.30319 NECESSARY
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.09.2010 2,93 MB 4.0.30319 NECESSARY
Microsoft IntelliPoint 8.2 Microsoft Corporation 09.02.2012 8.20.468.0 NECESSARY
Microsoft Silverlight Microsoft Corporation 13.05.2012 60,4 MB 4.1.10329.0 UNKNOWN
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.08.2010 1,72 MB 3.1.0000 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 31.08.2010 260 KB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 252 KB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300 KB 8.0.56336 UNKNOWN
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 30.08.2010 708 KB 8.0.61000 UNKNOWN
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 14.04.2011 580 KB 8.0.51011 UNKNOWN
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 05.08.2010 212 KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 14.04.2011 790 KB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 598 KB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 05.08.2010 2,52 MB 9.0.21022 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25.09.2010 786 KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788 KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.11.2010 590 KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600 KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.12.2012 16,5 MB 10.0.40219 UNKNOWN
MiniTool Partition Wizard Home Edition 7.1 MiniTool Solution Ltd. 14.05.2012 24,2 MB NECESSARY
Mozilla Firefox 14.0.1 (x86 de) Mozilla 22.07.2012 36,8 MB 14.0.1 NECESSARY
Mozilla Maintenance Service Mozilla 22.07.2012 199 KB 14.0.1 UNKNOWN
Mozilla Thunderbird (3.1.2) Mozilla 11.08.2010 3.1.2 (de) NECESSARY
Mozilla Thunderbird 17.0 (x86 de) Mozilla 22.11.2012 6,55 GB 17.0 NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.08.2010 1,27 MB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.08.2010 1,33 MB 4.20.9876.0 UNKNOWN
Mufin MusicFinder Base 1.5.3.255 (D) MAGIX AG 03.02.2011 1.5.3.255 UNNECESSARY
Musik & Audio Restaurator Pro 5.0 Softfeld 28.12.2010 5.0 NECESSARY
Namo WebEditor 8 Namo Interactive, Inc. 01.09.2010 8.00.000 NECESSARY
NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 30.08.2010 993 KB 1.0.19.0 NECESSARY
Nero 7 Essentials Nero AG 06.08.2010 521 MB 7.02.7903 NECESSARY
NVIDIA Display Control Panel NVIDIA Corporation 05.08.2010 135 MB 6.14.12.5856 NECESSARY
NVIDIA Drivers NVIDIA Corporation 05.08.2010 65,1 MB 1.10.61.39 NECESSARY
NVIDIA PhysX NVIDIA Corporation 05.08.2010 80,0 MB 9.10.0223 NECESSARY
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 05.08.2010 7.17.12.5812 NECESSARY
OpenOffice.org 3.2 OpenOffice.org 05.08.2010 356 MB 3.2.9502 NECESSARY
Opera 11.10 Opera Software ASA 27.04.2011 11.10.2092 NECESSARY
Pando Media Booster Pando Networks Inc. 09.10.2011 5,46 MB 2.3.6.0 UNKNOWN
PowerDVD CyberLink Corporation 06.08.2010 7.0.2414.0 NECESSARY
QuarkXPress Passport 5.01 Quark Inc. 06.08.2010 104 MB 5.01.0000 NECESSARY
RedMon - Redirection Port Monitor 28.05.2011 UNKNOWN
Sid Meier's Civilization 4 Firaxis Games 09.05.2011 1.00.0000 UNNECESSARY
SimCity 4 06.08.2010 NECESSARY
SiSoftware Sandra Lite 2012.SP5c SiSoftware 01.11.2012 97,1 MB 18.74.2012.10 NECESSARY
Sony Ericsson PC Companion 2.01.217 Sony Ericsson 25.08.2011 17,1 MB 2.01.217 NECESSARY
Sound Blaster X-Fi MB Creative Technology Limited 29.08.2010 1.0 NECESSARY
Spellforce 2 - Dragon Storm JoWooD Productions Software AG 28.02.2011 1.00.0000 NECESSARY
SpellForce 2 - Shadow Wars Ihr Firmenname 10.12.2010 3,29 GB 1.00.0000 NECESSARY
SpellForce 2 Update v1.02 10.12.2010 NECESSARY
Text-To-Speech-Runtime Magix Development GmbH 03.02.2011 260 KB 1.0.0.0 UNKNOWN
The Movies(TM) Activision 10.11.2012 1,93 GB 1.1 NECESSARY
Turbo Lister 2 eBay Inc. 06.08.2010 77,1 MB 2.00.0000 NECESSARY
Uninstall 1.0.0.1 02.04.2011 10,9 MB UNKNOWN
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 30.08.2010 2,61 MB 1.34 UNKNOWN
Visual C++ 8.0 Runtime Setup Package (x64) AVG Technologies CZ, s.r.o. 05.08.2010 2,23 MB 9.0.0.623 UNKNOWN
Visual Studio 2008 x64 Redistributables AVG Technologies 11.11.2010 11,5 MB 10.0.0.2 UNKNOWN
Visual Studio 2010 x64 Redistributables AVG Technologies 13.12.2012 12,4 MB 13.0.0.1 UNKNOWN
VLC media player 1.1.4 VideoLAN 20.11.2010 1.1.4 NECESSARY
Vtune 7.10 05.08.2010 11,1 MB UNKNOWN
Windows Live Anmelde-Assistent Microsoft Corporation 05.08.2010 1,93 MB 5.000.818.5 UNKNOWN
Windows Live Essentials Microsoft Corporation 05.08.2010 14.0.8117.0416 UNKNOWN
Windows Live Sync Microsoft Corporation 05.08.2010 2,79 MB 14.0.8117.416 UNKNOWN
Windows Live-Uploadtool Microsoft Corporation 05.08.2010 224 KB 14.0.8014.1029 UNKNOWN
Windows XP Mode Microsoft Corporation 10.08.2010 1,13 GB 1.3.7600.16422 UNKNOWN
WinPcap 4.1.2 CACE Technologies 13.11.2012 4.1.0.2001 UNKNOWN
WinRAR 4.11 (64-Bit) win.rar GmbH 13.05.2012 4.11.0 NECESSARY
Xfire (remove only) 10.12.2010 UNNECESSARY

Old 21.12.2012, 13:11   #12
markusg
/// Malware-holic

uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version
adobe reader:
Adobe - Download Adobe Reader - All versions
untick the mcafee security scan checkbox

please also configure adobe reader as follows:
open adobe reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Internet:
everything here should be disabled; it is very insecure to open, download, etc. pdfs automatically.
it is always better to save them directly, because only then do you have control over what is going on on the pc.
under JavaScript, untick "use JavaScript".
under Updater, choose install automatically.
apply / ok



uninstall:
Download Updater
DVBT: both
Firebird
Futuremark
Java: both
download the Java jre:
Java downloads for all operating systems
click:
Download Java software for Windows Offline
download and install
uninstall:
MAGIX: the unnecessary ones

Mozilla Thunderbird: open, Help, update, get version 17 on.
the same for FF.

uninstall:
Mufin

Opera: completely outdated.
Opera web browser | Faster & Safer | Free download of the new internet browser
get version 12 on.

uninstall:
Sid
Text-To-Speech
Windows Live: all the ones you don't use

Open CCleaner, analyse, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the search finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Old 21.12.2012, 15:40   #13
jorgaeff

# AdwCleaner v2.101 - Datei am 21/12/2012 um 16:39:02 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Florian - HOSCHIMEDES
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Florian_2\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\aol-web-search.xml
Datei Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\SearchResults.xml
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Anja\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Anja\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\Anja\AppData\LocalLow\searchquband
Ordner Gefunden : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gefunden : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\Searchqutoolbar
Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\searchquband
Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\Searchqutoolbar
Ordner Gefunden : C:\Users\Florian_2\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\Software\Bandoo
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKU\S-1-5-21-1234284039-539375577-3249342001-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\prefs.js

Gefunden : user_pref("aol_toolbar.surf.date", "25");
Gefunden : user_pref("aol_toolbar.surf.lastDate", "9");
Gefunden : user_pref("aol_toolbar.surf.lastMonth", "1");
Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012");
Gefunden : user_pref("aol_toolbar.surf.month", "25");
Gefunden : user_pref("aol_toolbar.surf.prevMonth", "2");
Gefunden : user_pref("aol_toolbar.surf.total", "27");
Gefunden : user_pref("aol_toolbar.surf.week", "25");
Gefunden : user_pref("aol_toolbar.surf.year", "25");
Gefunden : user_pref("browser.search.defaultenginename", "AOL Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("extensions.facemoods.aflt", "_#ddr");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.lastActv", "18");
Gefunden : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...]

Profilname : default
Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\yzc1e76t.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8243 octets] - [21/12/2012 16:39:02]

########## EOF - \AdwCleaner[R1].txt - [8303 octets] ##########

Old 21.12.2012, 15:41   #14
markusg
/// Malware-holic

Hi,

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Then restart, and test how the PC runs + programs such as browsers (firefox, Internet explorer) etc.

Old 21.12.2012, 19:09   #15
jorgaeff

# AdwCleaner v2.101 - Datei am 21/12/2012 um 20:03:24 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Florian - HOSCHIMEDES
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Florian_2\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\aol-web-search.xml
Datei Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\SearchResults.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Florian_2\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\prefs.js

Gelöscht : user_pref("aol_toolbar.surf.date", "25");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "9");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "1");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "25");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "2");
Gelöscht : user_pref("aol_toolbar.surf.total", "27");
Gelöscht : user_pref("aol_toolbar.surf.week", "25");
Gelöscht : user_pref("aol_toolbar.surf.year", "25");
Gelöscht : user_pref("browser.search.defaultenginename", "AOL Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddr");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "18");
Gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...]

Profilname : default
Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\yzc1e76t.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8348 octets] - [21/12/2012 16:39:02]
AdwCleaner[S1].txt - [8144 octets] - [21/12/2012 20:03:24]

########## EOF - \AdwCleaner[S1].txt - [8204 octets] ##########

I've been browsing the internet for a while now and also started a few programs. Everything runs very well; I even have the impression that the computer is partly a bit faster.

Different topic: Can you recommend a good ad or popup blocker? I'm specifically looking for something against ads that open a new window when you click them away. I think I caught the trojan from one of those newly opening windows.
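As an added illustration (not from this thread and not part of AdwCleaner), a small Python parser for reports in the format of the two AdwCleaner logs above ([R1] scan and [S1] delete): it tallies hits per section, pulls out any Internet Explorer Browser Helper Object CLSIDs from the registry findings, and separates the Firefox prefs that redirect searches (browser.search.*, keyword.URL) from plain toolbar bookkeeping. The sample report is a constructed excerpt, and the HIJACK_PREFIXES list is my own choice of what to flag.

```python
"""Summarise an AdwCleaner v2.x report (German locale) of the kind posted in
this thread: count hits per section, collect registry keys, and flag Firefox
prefs that rewrite search or keyword URLs, the usual search-hijack footprint."""
import re
from collections import Counter

# Constructed sample in the shape of the [R1]/[S1] logs above (not the full log).
SAMPLE_LOG = r"""# AdwCleaner v2.101 - Datei am 21/12/2012 um 16:39:02 erstellt
# Option [Suche]

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\aol-web-search.xml
Ordner Gefunden : C:\Users\Anja\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Bandoo
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

***** [Internet Browser] *****

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\prefs.js

Gefunden : user_pref("aol_toolbar.surf.total", "27");
Gefunden : user_pref("browser.search.defaultenginename", "AOL Web Search");
Gefunden : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...]
"""

OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")
PROFILE_RE = re.compile(r"^Datei : (.+prefs\.js)$")
ITEM_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert) (Gefunden|Gelöscht) : (.+)$")
PREF_RE = re.compile(r'^(Gefunden|Gelöscht) : user_pref\("([^"]+)",\s*(.+?)\)?;?$')
BHO_RE = re.compile(r"Browser Helper Objects\\(\{[0-9A-F-]+\})", re.I)

# Prefs whose rewriting is the hallmark of a search hijack (prefix match);
# this list is my own choice, not something AdwCleaner defines.
HIJACK_PREFIXES = ("browser.search.", "keyword.URL", "browser.startup.homepage")


def parse_report(text):
    """Parse one AdwCleaner report and return a summary dict."""
    summary = {
        "mode": None,              # "Suche" (scan only) or "Löschen" (cleaned)
        "sections": Counter(),     # section name -> file/folder/key hits
        "registry_keys": [],
        "bho_clsids": [],          # IE Browser Helper Objects flagged
        "hijack_prefs": [],        # (prefs.js path, pref name, value)
        "other_prefs": [],
    }
    section = profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            summary["mode"] = m.group(1)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := PROFILE_RE.match(line):
            profile = m.group(1)
        elif m := ITEM_RE.match(line):
            kind, _action, path = m.groups()
            summary["sections"][section] += 1
            if kind == "Schlüssel":
                summary["registry_keys"].append(path)
                # A BHO is loaded into every IE process; a flagged CLSID here
                # is the adware's in-browser component, not just a leftover file.
                if bho := BHO_RE.search(path):
                    summary["bho_clsids"].append(bho.group(1).upper())
        elif m := PREF_RE.match(line):
            _action, name, value = m.groups()
            entry = (profile, name, value.strip('"'))
            bucket = "hijack_prefs" if name.startswith(HIJACK_PREFIXES) else "other_prefs"
            summary[bucket].append(entry)
    return summary


def describe(summary):
    """Render the summary as short lines a helper could paste into a reply."""
    lines = [f"mode: {summary['mode']}"]
    for name, n in sorted(summary["sections"].items()):
        lines.append(f"{name}: {n} item(s)")
    for clsid in summary["bho_clsids"]:
        lines.append(f"IE BHO flagged: {clsid}")
    for prefs_js, name, value in summary["hijack_prefs"]:
        lines.append(f"search hijack in {prefs_js}: {name} = {value}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(parse_report(SAMPLE_LOG))))
```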
